- Sidebar: Users, Audit Logs and Security now only visible to super_admin - AdminController: requireSuperAdmin() check on users() and auditLogs() - AdminController: super_admin check on createUser, updateUser, deleteUser JSON endpoints - securitySettings() already had the check in place