So, to confirm, it's not possible to create a role which just has the responsibility of creating users and assigning them to sites?
This is something I don't understand about Kentico. It forces us to give clients global admin permissions to perform simple, granular tasks like this. It means someone in, for example, a client's IT department with responsibility for managing users, has to also be given the power to change templates, delete web parts, delete entire sites etc. To me this is extremely dangerous. Other CMS's allow us to define granular administrator roles with very specific permissions. Does Kentico have any plans to do this? It makes it very difficult when dealing with enterprise clients who wish to separate CMS roles throughout the business.