Skip to main content

Admin Users

Certain operations require Medplum Users, Bots, or ClientApplications to have administrative privileges. Users can be granted admin rights on a per-project basis: a given user can be an admin for one project, but not another.

Medplum distinguishes between two different types of admin user: project admin and super admin.

Project Admin

A project (or tenant) level user. This is the most common type of admin user at an organization.

See our User Management Guide for more information on how to grant project admin privileges.

Project Admins have the following privileges:

Applying Access Policies to Admins

If you want to limit these privileges, you can apply Access Policies to your Admin users. See the Access Policies docs for more details.

Super Admin

A super admin user has an increased level privileges for performing server-level operations. This level of privilege can cause irreparable data changes, and should be limited to system administrators.

To grant a user super admin privilege, invite them to the Super Admin project (see this guide for more details).

Project Admins have the following privileges:

  • Overwrite all resource fields - Super admin users bypass all data validation checks, and can edit protected fields like id and meta properties.
  • Rebuild shared data structures - Certain shared resources, such as StructureDefinitions and ValueSets, sometimes need to be built after some server updates. See the Super Admin Guide for more details.
  • Create projects via API - Because Projects are system-level resources, creating them via API requires the creation of a Super Admin ClientApplication