| // authorizing-users |
| |
| [id="super-privileged-mode_{context}"] |
| = super-privileged mode |
| |
| The *manageSystem* permission can be extended to provide a *super-privileged* mode. This allows the user to perform advanced actions on any resources managed by the system. A user can read and stop any workspace with the *manageSystem* permission and assign permissions to other users as needed. |
| |
| The *super-privileged* mode is disabled by default. To change to the *super-privileged* mode, set the `CHE_SYSTEM_SUPER__PRIVILEGED__MODE` variable to `true` in the `che.env` file. The following is a list of services that are enabled for users with the *manageSystems* permissions and with *super-privileged* mode on. |
| |
| [options="header"] |
| |==== |
| |Path|HTTP Method|Description |
| |/workspace/namespace/{namespace:.*}|GET|Get all workspaces for the given namespace. |
| |/workspace/\{id}|DELETE|Stop a workspace. |
| |/workspace/\{key:.*}|GET|Get a workspace by key. |
| |/organization/resource/\{suborganizationId}/cap|GET|Get a resource cap for the given organization. |
| |/organization/resource/\{suborganizationId}/cap|POST|Set the resource cap for a given organization. |
| |/organization/\{parent}/organizations|GET|Get the child organizations. |
| |/organization|GET|Get the user's organizations. |
| |==== |
