Getting Started
Using Lark
More Resources
AI Assistant
Help Center AI Assistant is now available
Got questions about Lark? Use our AI chat to find the answers.
00:00
Click and hold to drag
Got It
Try Now
Admin Console
Settings
Administrator permissions
Admin | Set quarantine sensitive permissions

Admin | Set quarantine sensitive permissions

1 min read
Available with these plans:
Starter
Basic
Pro
Enterprise
To upgrade your Lark Plan or for more information, contact Support or your Customer Success Manager. The Lark Basic plan supports only specific countries and regions.
I. Intro
🔖
Who can perform these steps: Primary administrators.
Primary administrators have access to every permission in the Admin Console, apart from disbanding the organization. However, if some permissions are deemed to be sensitive (such as the admin log), the organization can quarantine these permissions from primary administrators. Removing access to sensitive permissions can increase an organization's security.
II. Steps
Open the Lark Admin Console, click Settings > Administrator Permissions, then click Details > Quarantine sensitive permissions to the right of the primary administrators.
250px|700px|reset
20230817-111446.jpg
250px|700px|reset
Check the permissions you wish to quarantine, thereby removing primary administrators' access.
250px|700px|reset
33.png
Click Save, confirm the permissions to be quarantined in the pop-up window, and then select whether or not to send a notification to the primary administrators telling them that these permissions have been removed.
250px|700px|reset
If you choose to send a notification, the primary administrators will be notified of the change by the Admin Assistant bot.
250px|700px|reset
III. FAQs
Can primary administrators restore quarantined permissions on their own initiative?
Yes. Primary administrators can uncheck quarantined sensitive permissions in the Quarantine sensitive permissions page, updating permission settings for all primary administrators.
How can you prevent primary administrators from restoring quarantined permissions?
This can't currently be prevented, but it can be traced. If a primary administrator restores any quarantined permission, you can go to Security > Audit Log > Admin Log and select Settings > Permission Change under Event type to view the change. This functionality will be made more complete in future, allowing you to prevent sensitive permissions from being restored. Stay tuned!
250px|700px|reset
Can permissions that have been quarantined from primary administrators be assigned to another person?
Yes. Even when certain sensitive permissions have been quarantined from primary administrators, they can still assign these permissions to other members, such as security administrators.
Can you quarantine different sensitive permissions for different primary administrators?
You cannot currently set different restrictions for different primary administrators. Any quarantine will apply to all primary administrators.
However, there is an alternative way of doing this:
Take the example of an organization that wants to quarantine access to the API log, but still wants primary administrators A and B to have access. First, the organization can quarantine the API log permission, then they can create a new administrator role, name it "API Log Administrator," and add A and B to the role.
Written by: Lark Help Center
Updated on 2024-11-21
How satisfied are you with this content?
Thank you for your feedback!
Need more help? Please contact Support.
Overview
  1. I. Intro​
  2. II. Steps​
  3. III. FAQs​
0
English
© Lark Technologies Pte. Ltd. Headquartered in Singapore with offices worldwide.
ContactSales
rangeDom
rangeDom
rangeDom
rangeDom
rangeDom