Currently, there is only one set of functions to check admin user privilege (isSuperUser() and isSuperUser(String)). And those functions are used all over existing Sakai code to bypass context-related security checks.
We propose two new functions as to support levels of admin users (isSuperAdminUser() and isSuperAdminUser(String)) and changes to implementation so that the new isSuperAdminUsers would return true for the current "full-range administrators" and isSuperUsers would return true for both "full-range administrators" and "lite admins".
With the support of the above new functions, a new "AdminLite" tool has been implemented to use by those lite admin users (UMICH-232). The tool is a combination of legacy Admin Sites tool, Realms tool, Users tool and Become Users tool, but in a much function-lite version