Administrator in ERPNext
The Administrator is the highest-level user in ERPNext and possesses unrestricted access across the entire system. While a System Manager can manage users, permissions, and most system settings, the Administrator operates above all roles and permissions and cannot be restricted by standard access controls.
The Administrator is responsible for overseeing the overall ERPNext environment and ensuring that the system functions according to the organization’s requirements.
The Administrator account has complete control over the ERPNext system and is not limited by role-based permissions.
1. Administrator vs System Manager
Although both roles have extensive access, there are important differences.
| Feature | Administrator | System Manager |
|---|---|---|
| Access to all modules | ✔ Yes | ✔ Yes |
| Create and manage users | ✔ Yes | ✔ Yes |
| Manage permissions | ✔ Yes | ✔ Yes |
| Restricted by role permissions | ✖ No | ✔ Yes |
| Unrestricted system access | ✔ Yes | ✖ No |
The Administrator account is typically reserved for critical system administration activities and should be used with caution.
2. Administrator Access in Cloud-Hosted ERPNext
For organizations using cloud-hosted ERPNext provided by Frappe Technologies, Administrator access is handled differently from self-hosted installations.
Key points include:
- The Administrator account can be accessed through the Frappe Cloud Dashboard.
- System upgrades and maintenance are managed centrally by Frappe.
- Administrator credentials are retained by the hosting provider for security and infrastructure management purposes.
- Customers generally do not receive direct Administrator credentials on shared cloud environments.
In shared cloud environments, Administrator credentials are intentionally restricted to maintain platform security and support centralized upgrades.
Why Administrator Credentials Are Restricted
Cloud servers often host multiple customer environments on the same infrastructure.
Restricting Administrator access helps:
- Protect customer data.
- Maintain server security.
- Ensure reliable upgrades and maintenance.
- Prevent unintended changes to system-level configurations.
3. Dedicated Hosting Exception
Organizations with dedicated hosting arrangements may receive broader administrative control.
In cases where an ERPNext instance is hosted on an exclusive server dedicated to a single customer, Administrator access may be provided depending on the hosting agreement.
This allows organizations greater flexibility for advanced configurations and infrastructure management.
4. Administrator Access in Self-Hosted ERPNext
For self-hosted or on-premise ERPNext installations, the organization retains full control over the Administrator account.
In these deployments:
- The Administrator credentials are owned by the organization.
- System upgrades are managed internally.
- Server-level configurations can be customized as required.
- The organization is responsible for security, backups, and maintenance.
Self-hosted deployments provide complete control over the Administrator account, but also require organizations to manage security and system maintenance themselves.
5. Best Practices for Administrator Accounts
To maintain a secure ERPNext environment, follow these recommendations:
- Use the Administrator account only for system-level tasks.
- Create separate user accounts for daily operations.
- Enable strong password policies.
- Use Two-Factor Authentication (2FA) whenever possible.
- Regularly review user roles and permissions.
- Limit access to Administrator credentials to trusted personnel only.
SECURITY TIP
Avoid using the Administrator account for routine business operations. Instead, assign appropriate roles to individual users and reserve Administrator access for system configuration, maintenance, and troubleshooting activities.
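One way to check whether the Administrator account is being used for routine business operations, as an added example that is not part of ERPNext or the original page: it scans exported document metadata for business records whose standard `owner` or `modified_by` field is `Administrator`. The sample rows, the `SYSTEM_DOCTYPES` allow-list and the function names are assumptions made for illustration.

```python
from collections import Counter

ADMIN_USER = "Administrator"  # name of the built-in superuser account

# Assumption: doctypes treated as system configuration, where Administrator
# activity is expected. Adjust this set to the site's own policy.
SYSTEM_DOCTYPES = {"User", "Role", "System Settings", "Custom Field", "Property Setter"}

# Constructed sample rows, shaped like an export of each document's standard
# `owner` (creator) and `modified_by` (last editor) fields.
SAMPLE_ROWS = [
    {"doctype": "Sales Invoice", "name": "SINV-0001",
     "owner": "Administrator", "modified_by": "Administrator"},
    {"doctype": "Sales Invoice", "name": "SINV-0002",
     "owner": "a.khan@example.com", "modified_by": "a.khan@example.com"},
    {"doctype": "Journal Entry", "name": "JV-0007",
     "owner": "m.lee@example.com", "modified_by": "Administrator"},
    {"doctype": "System Settings", "name": "System Settings",
     "owner": "Administrator", "modified_by": "Administrator"},
    {"doctype": "Custom Field", "name": "Sales Invoice-po_ref",
     "owner": "Administrator", "modified_by": "Administrator"},
    {"doctype": "Purchase Order", "name": "PO-0003",
     "owner": "Administrator", "modified_by": "m.lee@example.com"},
]


def flag_routine_admin_use(rows, system_doctypes=SYSTEM_DOCTYPES):
    """Return business documents created or last edited by Administrator."""
    findings = []
    for row in rows:
        if row["doctype"] in system_doctypes:
            continue  # system-level work is the account's intended use
        fields = [f for f in ("owner", "modified_by") if row.get(f) == ADMIN_USER]
        if fields:
            findings.append({"doctype": row["doctype"], "name": row["name"], "fields": fields})
    return findings


def summarize(findings):
    """Count findings per doctype to show where routine use concentrates."""
    return Counter(f["doctype"] for f in findings)


if __name__ == "__main__":
    for f in flag_routine_admin_use(SAMPLE_ROWS):
        print(f"{f['doctype']} {f['name']}: Administrator in {', '.join(f['fields'])}")
```

Each finding points to a transaction that should have been entered under a named user account with an appropriate role, which also restores per-person accountability in the audit trail.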
Related Topics
- Adding Users
- Role and Role Profile
- Role Based Permissions
- User Permissions
- Role Permission for Page and Report
- System Manager
SUMMARY
The Administrator is the highest-privileged user in ERPNext, with unrestricted access to all system functions. While System Managers can manage most administrative tasks, only the Administrator has complete control over the platform. Access to the Administrator account varies between cloud-hosted and self-hosted deployments, making it essential to understand and secure this account appropriately.