Hi, wondering if there’s a simple solution to this that I’m missing. I want one of our internal user roles to manage users with other roles in the environment (i.e. Create, Read, Update, Delete) but I don’t want them to be able to manage the actual administrators. This logically seemed fairly straight forward in that I just set this setting in the Security of the app: However as soon as I enable this and run the app I get an error when creating a user. This is down to the user no longer having access to view the User Roles Reference Set Selector (When the above is set to “All” this isn’t an issue). So does anyone have any advice as to how I should be handling this so that the user can manage only certain types of user but still able to create users with the other roles/edit users with the other roles? Note I tried limiting the roles with an xpath constraint to only the roles the user has access to manage but that didn’t help (I didn’t expect it to) If there’s any sort of documentation on this that anyone can point me to that’d be great.
to give a user role not ‘ALL’ access to create other users you need to check (No User role) check box is the way to allow a user can to create other allowed roles without giving it all, this upgrade happened from Mendix recently during the last few months.
Good that you've already solved some of your problems. if you want more information about security you can look here: