Restricting the set of Users a particular administrator can manage

Killian Walsh asked on August 31, 2017 17:21

Hi, I'd like to be able to allow particular administrators to manage (CRUD) ONLY certain groups of users (segregated by user role or some other property). Is this something that is possible within the standard Users application or would I have to create a custom module?

Thanks, Killian

Recent Answers

Trevor Fayas answered on August 31, 2017 18:14

There isn't a default user interface to only manage people in your group. My recommendation is to either clone or simply modify the existing User Interface to add a WHERE condition (with a macro) that will limit the users returned on the list if the user matches your criteria (just be careful to not limit users who should not be limited).

This can be done through Modules > Membership > User Interfaces > CMS/Administration/Configuration/Users/Users, click on "Customize", go to Properties to see the where condition.

The below will allow all users is the user is at least an administrator, otherwise will limit the Users by some limiting query you will need to define:

MembershipContext.AuthenticatedUser.CheckPrivilegeLevel(UserPrivilegeLevelEnum.Admin) ? "1=1" : "UserID in ([limiting query])"

You may not need to do "code" this may be fully possible through the portal method this way, but here are some links on both methods if you need to create a custom interface.

If you need more info on Permissions on Custom Interfaces, check my blog link below.

0 votesVote for this answer Mark as a Correct answer

Brenden Kehren answered on August 31, 2017 19:00

Roles should get you close to what you're looking for but will not allow you to configure it 100%. You could use as Trevor suggest and create your own module as a solution.

You also have to think about a user's privilege level. A user with a global administrator privilege level can do pretty much anything even with specific restricting roles assigned. Privilege level is checked over a role in most cases from a global administrator standpoint.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.