As shown in Security > Administrator, it is possible to establish multiple ColdFusion Administrator logins with varying levels of access. Here we are adding a second user with access to ColdFusion Administrator and the API manager, but no access to ColdFusion DSN’s. This is useful in scenarios where you might have junior administrators or otherwise need to restrict access to certain parts of the administrator.

ColdFusion supports API access to some services. It is also wise to restrict access to these exposed services as they can be resource intensive if used irresponsibly.

Tip: Be sure to review our ColdFusion security recommendations to help secure your server.