Restricting access to specific roles in user management

Dillon Hoefener shared this question 54 days ago
Answered

If I set up a role that has permission to create/update/delete users and user groups, how can I restrict which roles that role has access to when creating users?

The use case is for a user with the power user role to be able to create/update a user to use one of two roles (read only, power user), but that role should not have any access to the system administrator role and should never be allowed to assign a user to it.

How do I go about setting this up? I see a "Restrict Visible Roles" permission in the role management settings, but I cannot find a place to select which roles are restricted and don't see details around this in the wiki.

Thanks

Comments (4)

1

Hi Dillon,


Thanks for your question.


I don't think this is something that is possible, and I'm unsure about why this would be necessary. User Management via something like Client Orgs or automated through LDAP would be my initial thought.


Would you mind quickly explaining your use case so I can understand if there is another way of thinking about it? If there is any sensitive information shared, I will make sure to change this to a private ticket if necessary.


Kind regards,

Simon

1

Hi Simon,

Nathan got me squared away on this with instructions below. I didn't see the restricted roles setting in the configuration section. The use case for this is a customer deployment where we have one admin role only accessible to internal developers while simultaneously having a power user role for the customer's use that a user can use to set up new users at their company. Our customers will only be consuming content and we will be providing all reports/dashboards so that is why we have to limit admin permissions exposed to them.

"Restricted Roles are first defined in the gear icon->general settings tab of the configuration menu:


You can then set the following permission on your sub-admin. They will be able to create users with any role except that specified in the menu above:"

1

Hi Dillon,


Thanks for clarifying, and apologies for my misunderstanding!


You are correct, Restricted Roles are found in the Security Functions of a Role, and achieve what you were setting out to do. Here is an article that covers security functions including this one.


Let me know if you have any further questions, otherwise, I will go ahead and mark this question as closed.


Kind regards,

Simon

1

Hi Dillon,


I'm just messaging to let you know that I will be marking this question as completed.


Please don't hesitate to re-open this question by responding here and I will get back to you shortly.


I hope you enjoy the rest of your week!


Kind regards,

Simon