1 Reply Latest reply on Oct 15, 2015 7:30 PM by Sham HC

    Restricting Groups that a User can be added to


      We are trying to allow a user/group to create new users, but only as a member of certain groups.  We have multiple "brand" super user groups.  Each "brand" super user should only be allowed to add a new user to groups for their brand. With our current configuration, the group assignment works properly for existing users, but I am unable to create new users.  The way we have the permissions set up under home is the following:

      ~/home - Allow Read

      ~/home/groups - Allow Read(applies to all child nodes as well)

      ~home/groups/e/everyone - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate - not sure if this is necessary, but added it since adding a user is not working and all users are members of the everyone group

      ~home/groups/t/testbrand-group - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate - this is test group that we want to be able to add other users to

      ~home/users - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate

      What permission am I missing that will allow new users to be created?

      • 0. Re: Restricting Groups that a User can be added to
        Sham HC Level 7

        At high level steps looks ok to me though you have give more permissions & should work. I am guessing you might have not logged in as "brand" super user .  If you have logged in as "brand" super user validate the acl evaluation & is always bottom up. May be some other restriction blocking in creating a user.