Restricting access to specific roles in user management

Dillon Hoefener shared this question 3 years ago

If I set up a role that has permission to create/update/delete users and user groups, how can I restrict which roles that role has access to when creating users?

The use case is for a user with the power user role to be able to create/update a user to use one of two roles (read only, power user), but that role should not have any access to the system administrator role and should never be allowed to assign a user to it.

How do I go about setting this up? I see a "Restrict Visible Roles" permission in the role management settings, but I cannot find a place to select which roles are restricted and don't see details around this in the wiki.


Replies (1)


Hi Simon,

Nathan got me squared away on this with instructions below. I didn't see the restricted roles setting in the configuration section. The use case for this is a customer deployment where we have one admin role only accessible to internal developers while simultaneously having a power user role for the customer's use that a user can use to set up new users at their company. Our customers will only be consuming content and we will be providing all reports/dashboards so that is why we have to limit admin permissions exposed to them.

"Restricted Roles are first defined in the gear icon->general settings tab of the configuration menu:

You can then set the following permission on your sub-admin. They will be able to create users with any role except that specified in the menu above:"

Leave a Comment
Attach a file