Description
Problem statement
Our admin user has full shell access to every workspace, letting them steal secrets and manipulate workspaces at will. We have clear instructions from our customers that this is a Big Bad. Our major deployments will disable the existing admin users and will want a lesser admin role.
Definition of done
There is a lesser role than the current admin role, without the ability to enter the workspace's terminals. The current admin role is renamed to something more specific.
Suggestions
I propose we rename "admin" to "root" or "deployer". I prefer "root" since everyone knows you're not supposed to use "root", except transiently. Everyone also knows "root" is dangerous.
There is some precedent for this pattern in GitHub Enterprise, which has a special deployer access panel that is not associated with any user.
cc @Emyrk
Originally posted by @ammario in #2108 (comment)