Segregation of Duties > Completing Prerequisite Activity > Disabling the Superuser Role
  
Disabling the Superuser Role
The Superuser role is specially configured to provide assigned users with access to all resources in the system. Treat this role like a system administrator role, and only assign it to a few trusted users.
Before you activate segregation of duties, it is recommended that you use Role Modify (36.3.6.2) to disable the superuser role to prevent any further users from being added as role members.
It is also recommended that you select the Excluded from SOD field for the superuser role in SOD Role Exclusion (36.3.27.8). Excluding the superuser role from segregation of duties means that no segregation of duties violations will be raised for this role, which speeds up the activation of segregation of duties. See Segregation of Duties Role Exclusions.
Important: If you attempt to activate segregation of duties and the Excluded from SOD field is cleared for the superuser role, a warning displays to indicate that the activation may not process correctly. You are then presented with the option to activate segregation of duties from the command line or to continue with the activation using the UI. If the Excluded from SOD field is not selected for the superuser role, it is recommended that you use the command line to activate segregation of duties. See Activating Segregation of Duties from the Command Line.