Description
In our Adobe instance we have several systems connected to Adobe and each is represented as virtual report suite.
We are using product profiles to set permissions for individual virtual report suites and user groups to share the project dashboards with the user groups.
We want to roll out a delegated user management concept, so that for each application a specific user should be responsible to give other users access to the statistics of their application. This specific user is a user group admin and can add or remove other users.
Unfortunately, it is only possible to add a user if the user has been added to another user group before / added to the organization. We have been informed that the responsible user must be an admin in the product profile to add new users to the user group/organization.
BUT we cannot give them these product profile permissions as they will then be able to change the permissions of the product profile or add other virtual report suites to their product profile. => So from security point of view we cannot do this.
My request would be that it is also possible for a user group admin to add a new user to the group. We are connected to our company user management system via Azure ID. So actually all the users exist already.
Why is this feature important to you
To have a secured delegated user management process in place.
How would you like the feature to work
User group admins should be able to add a new user to the user group / organization that exist already in the connected user management system.
Current Behaviour
Only product admins can add new users from the connected user management system to the user group. But with this permission the user can do much more and assign additional permissions to the product profile. SO it is then an admin with more permissions than just permissions for the user management.