There is a number of instances where the (long time ago) deprecated rule '/super_administrator' is used for authorisation checks.
The instances can be found within the code by searching for the rule (just grep for '/super_administrator').
It would be a good idea to remove all references to the '/super_administrator' access rule, and replace them with existing or new rules, as appropriate.
Some examples of where the /super_administrator is still used:
- editendentityprofiles.jsp seems to have unused check for super_administrator privileges.
- Small documentation error in GlobalConfigurationSession.java (I don't think the actual code implementation check for super admin in any way).