How can we have a Super User that has full authorization on the system without assigning any privileges.

[YazidKrypto]

I wonder how there is no simple way to disable the authorization checks for specific super users? developers are asking here and here if, using Spring Security, there's any way to set specific users as Super Admins who should be able to do anything without the need neither to have specific privileges nor inherit them from other users.

If this is really the case, I suggest that the community should add this ability, including the following features:

• Add the ability to set specific roles or privilege owners or users as Super User who has access to all the resources regardless the configurations under the WebSecurityConfig configurations.
• reflect that on ThymeLeaf, and make hasRole, hasAuthority, etc return true whenever those super users are logged in.

[dsyer]

Thanks for the ideas. This isn't really the best place to discuss them though, since it's really just some documentation. Spring security has its own issue tracker in GitHub, and that would be a great place to ask for new features.

[YazidKrypto]

Thank you, I am copying this there then.