Skip to end of metadata
Go to start of metadata

Issue

Delegated user administration enables distribution of user administration between several administrators so that each administrator is responsible for a particular set of users. This delegation reduces the number of user administrators that have full authorizations in the portal. With this assignment, users can neither assign roles to groups, nor change the actions assigned to a role. The issue is that these users are now able to amend all existing user profiles. They can administer all available user profiles (modify, delete, lock, unlock, reset password etc.).

Resolution

The reason for this issue is that vital actions like "UME.Manage_All" and "UME.Manage_Users" are assigned to the delegated user admin role  (pcd location:portal_content/administrator/ user_admin/delegated_user_admin_role). Any role that has the "UME.Manage_All" action automatically has role assigner permissions for all roles. Make sure that only the action "Manage_Role_Assignments" is assigned to the delegated user admin role. This provides permissions to assign portal roles for which users have role assigner permissions to users within the assigned company. "Manage_Role_Assignments" is the default action for delegated user administration.

  1. Hi,

    I want to remove some tabs like 'Assigned Role' and 'Assigned Groups' from Delegated User Admin role so that admin user (having Delegated User Admin role assigned) will only be able to see General Information for any user. Could you please suggest on it.

    -Regards

    Nitin Goel