Restricting Groups that a User can be added to

Question

We are trying to allow a user/group to create new users, but only as a member of certain groups. We have multiple "brand" super user groups. Each "brand" super user should only be allowed to add a new user to groups for their brand. With our current configuration, the group assignment works properly for existing users, but I am unable to create new users. The way we have the permissions set up under home is the following:

~/home - Allow Read

~/home/groups - Allow Read(applies to all child nodes as well)

~home/groups/e/everyone - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate - not sure if this is necessary, but added it since adding a user is not working and all users are members of the everyone group

~home/groups/t/testbrand-group - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate - this is test group that we want to be able to add other users to

~home/users - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate

What permission am I missing that will allow new users to be created?

Sham_HC · Accepted Answer

At high level steps looks ok to me though you have give more permissions & should work. I am guessing you might have not logged in as "brand" super user . If you have logged in as "brand" super user validate the acl evaluation & is always bottom up. May be some other restriction blocking in creating a user.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded