Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

Restricting Groups that a User can be added to

marissaw9851252
Level 3
Level 3

We are trying to allow a user/group to create new users, but only as a member of certain groups.  We have multiple "brand" super user groups.  Each "brand" super user should only be allowed to add a new user to groups for their brand. With our current configuration, the group assignment works properly for existing users, but I am unable to create new users.  The way we have the permissions set up under home is the following:

~/home - Allow Read

~/home/groups - Allow Read(applies to all child nodes as well)

~home/groups/e/everyone - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate - not sure if this is necessary, but added it since adding a user is not working and all users are members of the everyone group

~home/groups/t/testbrand-group - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate - this is test group that we want to be able to add other users to

~home/users - Allow Read/Create/Modify/Delete/Read ACL/Edit ACL/Replicate

What permission am I missing that will allow new users to be created?

1 Accepted Solution
Sham_HC
Correct answer by
Level 10
Level 10

At high level steps looks ok to me though you have give more permissions & should work. I am guessing you might have not logged in as "brand" super user .  If you have logged in as "brand" super user validate the acl evaluation & is always bottom up. May be some other restriction blocking in creating a user.

View solution in original post

1 Reply
Sham_HC
Correct answer by
Level 10
Level 10

At high level steps looks ok to me though you have give more permissions & should work. I am guessing you might have not logged in as "brand" super user .  If you have logged in as "brand" super user validate the acl evaluation & is always bottom up. May be some other restriction blocking in creating a user.

View solution in original post