Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Is there a way to give permission to certain users/groups to create users but only under certain groups?

Avatar

Level 7

Hi,

Is there a way to allow a user/group create new users but only under certain groups?

Thanks in advance.

1 Accepted Solution

Avatar

Correct answer by
Level 2

Hi,

This can be done by denying the permissions modify/write permission for the groups where the user/group is not allowed to create users and allowing these permissions only for the group(s) path where it is allowed to create users.

E.g. If a user/group is allowed to create users only under group -/home/groups/c/custom-group

  1. Deny - Modify, Create, Delete permissions under the path -/home/groups. (Keep Read permission)
  2. Allow - Read, Modify, Create, Delete permissions under the path -/home/groups/c/custom-group

By doing this the user would not be able modify members in other groups.

However there is slight issue on the front-end. When the user tries to add other groups to the created user, on the front-end it does not gives any error and it looks as if the group is successfully added for user. However, when the page is refreshed, the other groups are not really added for the user.

So it works actually, but it gives a wrong impression that it is not working. 🙂

Will try to post an update if I get chance to dig deeper and find out why it's not showing error.

Hope it helps.

Regards.

Vatsal

View solution in original post

1 Reply

Avatar

Correct answer by
Level 2

Hi,

This can be done by denying the permissions modify/write permission for the groups where the user/group is not allowed to create users and allowing these permissions only for the group(s) path where it is allowed to create users.

E.g. If a user/group is allowed to create users only under group -/home/groups/c/custom-group

  1. Deny - Modify, Create, Delete permissions under the path -/home/groups. (Keep Read permission)
  2. Allow - Read, Modify, Create, Delete permissions under the path -/home/groups/c/custom-group

By doing this the user would not be able modify members in other groups.

However there is slight issue on the front-end. When the user tries to add other groups to the created user, on the front-end it does not gives any error and it looks as if the group is successfully added for user. However, when the page is refreshed, the other groups are not really added for the user.

So it works actually, but it gives a wrong impression that it is not working. 🙂

Will try to post an update if I get chance to dig deeper and find out why it's not showing error.

Hope it helps.

Regards.

Vatsal