About viewing users that have the Master Admin role in Aperture
When viewing an identity, you can see if a user has the master admin role granted directly to their user object by reviewing their identity details from the Identity inventory. However, this only shows whether or not the master admin role is granted directly to the user object.
Therefore, when checking to see if a user has the master admin role from the Identity inventory, you shouldn't rely on the "Master Admin" indicator alone; you should also look at the groups to which the user is assigned so that you can verify if the groups themselves grant the master admin role.
EXAMPLE The following identity details page for a user named dkirkham shows that this user does not have the master admin role applied (Master Admin is set to No):
This means that the user has not been granted the master admin role directly. However, note that this user is part of two groups: Security Team and MasterAdmins. If you were to review the MasterAdmins group, you'd find that it grants master admin permissions to its members. Therefore, this user has master admin permissions to the system, even though the role has not been expressly granted to this user's account.
TIP When viewing identity details, the information shown depends on your identity and assigned roles. In the image above, Master Admin and the two additional roles below it are only visible when you're looking at your own identity, or if you had been given the master admin role directly. Non-admins cannot see this information for other users than themselves.
To learn more about roles, see Understanding system roles. To learn more about how to assign roles, see Managing system role assignments in Venafi Configuration Console.