Restricting Groups that a User can be added to



We are trying to allow a user/group to create new users, but only as a member of certain groups.  We have multiple "brand" super user groups.  Each "brand" super user should only be allowed to add a new user to groups for their brand. With our current configuration, the group assignment works properly for existing users, but I am unable to create new users.  The way we have the permissions set up under home is the following:

~/home - Allow Read

~/home/groups - Allow Read(applies to all child nodes as well)

~home/groups/e/everyone - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate - not sure if this is necessary, but added it since adding a user is not working and all users are members of the everyone group

~home/groups/t/testbrand-group - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate - this is test group that we want to be able to add other users to

~home/users - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate

What permission am I missing that will allow new users to be created?

Accepted Solutions (1)

Accepted Solutions (1)



At high level steps looks ok to me though you have give more permissions & should work. I am guessing you might have not logged in as "brand" super user .  If you have logged in as "brand" super user validate the acl evaluation & is always bottom up. May be some other restriction blocking in creating a user.

Answers (0)