Remove Security Incident Admin Role from System Administrator

This issue is found automatically by CODA.
Time to fix: 30min

Why is this an issue?

The sn_si.admin role is added to the admin role when Security Incident Response (SIR) is activated. This role grants the user access to all Security Incident Admin information and privileges, as well as the ability to read, create, and add/edit content types.

This is an issue because the System Administrator may not be authorized to read and write the sensitive security-incident data that this role exposes.

Best practices

To prevent the System Administrator from reading sensitive data, remove the Security Incident Admin role from the System Administrator.

The com.snc.security_incident plugin needs to be installed (it is the plugin that creates the sn_si.admin role).

With admin access, follow these procedures to remove the role:

  1. In the Filter Navigator, search for User Administration > Roles

  2. Search for the admin role

  3. From the Contains Roles tab, click Edit

  4. From the Contains Roles List column, select sn_si.admin, move it to the Collection column, and click Save

  5. Log out and log back in to ensure that the changes take effect.
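The same check and removal, scripted against the ServiceNow Table API, as an added example that is not part of this page or of CODA. It assumes the Contains Roles list is backed by the sys_user_role_contains table (parent and child reference fields), that the instance URL and credentials are supplied through the SN_INSTANCE, SN_USER and SN_PASSWORD environment variables, and the SAMPLE_RESULT payload is constructed for offline use:

```python
"""Find and delete the sys_user_role_contains row that makes admin inherit
sn_si.admin. Added example, not from the page; as a script it needs SN_INSTANCE,
SN_USER and SN_PASSWORD set. SAMPLE_RESULT is a constructed Table API payload."""
import base64, json, os
from urllib.parse import urlencode
from urllib.request import Request, urlopen

TABLE = "sys_user_role_contains"  # table behind the "Contains Roles" related list
PARENT, CHILD = "admin", "sn_si.admin"
def contains_query(parent=PARENT, child=CHILD):
    """Dot-walked encoded query for rows that link parent -> child."""
    return f"parent.name={parent}^child.name={child}"

def offending_links(rows, parent=PARENT, child=CHILD):
    """sys_ids of rows making `parent` inherit `child`; rows were fetched with
    sysparm_display_value=all, so each field is a {display_value, value} pair."""
    return [r["sys_id"]["value"] for r in rows
            if r["parent"]["display_value"] == parent   # a role displays as its name
            and r["child"]["display_value"] == child]

def _call(base_url, auth, method, path, params=None):
    url = f"{base_url}/api/now/table/{path}" + ("?" + urlencode(params) if params else "")
    req = Request(url, method=method,
                  headers={"Accept": "application/json", "Authorization": auth})
    with urlopen(req, timeout=30) as resp:  # raises HTTPError on 4xx/5xx
        body = resp.read()
    return json.loads(body) if body else None  # DELETE answers 204 with no body
def fetch_links(base_url, auth):
    return _call(base_url, auth, "GET", TABLE, {"sysparm_query": contains_query(),
                 "sysparm_display_value": "all", "sysparm_fields": "sys_id,parent,child"})["result"]

def remove_link(base_url, auth, sys_id):
    _call(base_url, auth, "DELETE", f"{TABLE}/{sys_id}")

# Constructed sample: two rows under admin; only the first is this finding.
SAMPLE_RESULT = [
    {"sys_id": {"display_value": "ROW1", "value": "ROW1"},
     "parent": {"display_value": "admin", "value": "ADMIN_ID"},
     "child": {"display_value": "sn_si.admin", "value": "SI_ADMIN_ID"}},
    {"sys_id": {"display_value": "ROW2", "value": "ROW2"},
     "parent": {"display_value": "admin", "value": "ADMIN_ID"},
     "child": {"display_value": "sn_si.analyst", "value": "SI_ANALYST_ID"}}]
if __name__ == "__main__":
    base = os.environ["SN_INSTANCE"].rstrip("/")
    creds = f"{os.environ['SN_USER']}:{os.environ['SN_PASSWORD']}".encode()
    auth = "Basic " + base64.b64encode(creds).decode()
    ids = offending_links(fetch_links(base, auth))
    for sid in ids:
        remove_link(base, auth, sid)
    print(f"removed {len(ids)} admin -> sn_si.admin link(s); log out and back in to apply")
```

Running fetch_links alone (without the delete loop) makes a read-only check that CODA's finding is resolved on a given instance.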