Let's say I have a centralized database and can't trust administrators (like in Azure or other cloud service). Let's say I solved the problem of authentication and I can trust user identity. Let's say I use certificates to authenticate and encrypt data (private key never leaves the client machine).

How can I design the application/database to promote one or more users as administrators (users that can set up access rights to others)?

I know one way: Every user must point to the person that will manage access rights for him, but what if we want to change the administrator - every user must do it again?

Another way I can think of is to sign user certificates by administrator certificate. Then use the rule: if you are my certificate signer then I respect your settings. But still I don't know what to do when we want to add a new administrator, or change to a new one.

I'm completely lost with this problem.
Anyone?
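
An added example, not part of the original post, of the rule "if you are my certificate signer then I respect your settings", using Ed25519 keys from Node's built-in `crypto` module. The record layout, party names and sample setting are assumptions; it shows that a setting signed by a replacement administrator is rejected until the user's certificate is re-issued, and that a setting altered in the untrusted database is rejected as well.

```javascript
// Added illustration; all names and the record layout are hypothetical.
const crypto = require('node:crypto');

const newParty = (name) => ({ name, ...crypto.generateKeyPairSync('ed25519') });
const pubDer = (key) => key.export({ type: 'spki', format: 'der' });

// A minimal "certificate": the subject's name and public key signed by the issuer.
// Assumption: each client keeps its own certificate locally, next to its private key.
function issueCert(issuer, subject) {
  const body = Buffer.concat([Buffer.from(subject.name + '\0'), pubDer(subject.publicKey)]);
  return { body, issuerKey: issuer.publicKey, sig: crypto.sign(null, body, issuer.privateKey) };
}

// An access-rights setting signed by whoever claims to be the administrator.
// The signed record is what gets stored in the untrusted central database.
function signSetting(admin, setting) {
  const body = Buffer.from(JSON.stringify(setting));
  return { body, signerKey: admin.publicKey, sig: crypto.sign(null, body, admin.privateKey) };
}

// Client-side rule from the post: accept a setting only from my certificate's signer.
function acceptSetting(myCert, signed) {
  const certOk = crypto.verify(null, myCert.body, myCert.issuerKey, myCert.sig);
  const sameSigner = pubDer(myCert.issuerKey).equals(pubDer(signed.signerKey));
  const settingOk = crypto.verify(null, signed.body, signed.signerKey, signed.sig);
  return certOk && sameSigner && settingOk;
}

function demo() {
  const oldAdmin = newParty('admin-1');
  const newAdmin = newParty('admin-2');
  const alice = newParty('alice');
  const setting = { resource: 'orders', grant: { alice: 'read' } }; // constructed sample

  const cert = issueCert(oldAdmin, alice);
  // Simulate the database operator editing the stored setting after it was signed.
  const tampered = signSetting(oldAdmin, setting);
  tampered.body = Buffer.from(JSON.stringify({ ...setting, grant: { alice: 'write' } }));

  return {
    fromSigner: acceptSetting(cert, signSetting(oldAdmin, setting)),          // true
    fromNewAdminOldCert: acceptSetting(cert, signSetting(newAdmin, setting)), // false
    tamperedInDatabase: acceptSetting(cert, tampered),                        // false
    afterReissue: acceptSetting(issueCert(newAdmin, alice), signSetting(newAdmin, setting)), // true
  };
}
```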