as this is my first post here I wanna use this occasion to thank the developers and the community for such a graet product.
I would like to ask you for advice in the following situation:
I want to create a group of users (lets call them group-admins) that is responsible for assigning other users to groups and removing them again from those groups if necessary. I mananged to do this by setting up a policy that grants the permission to use the umc module groups and creating a group “group-admins” which is assigned to that policy. Users which are members of tht group can now log in and exclusively see the module groups. Nice!
Now the Problem is that they can assign themselves to other groups, like the domain-admins, which nullifies any security concepts.
Is there a way to restrict the “group-admins” to be able to edit just a specific set of groups or mark groups as exclusively be edited by “domain admins” os some method similar to that?
Thanks in advance and kind regards!