Assign Users and Groups to a Delegated Administration Role

Assign Delegated Administration to Groups

You can determine which portal administrators can administer which user groups by assigning Delegated Administration roles to those groups.

To Assign Delegated Administration to Groups:

In the Users & Groups tool, select an authentication provider from the "Browse User-Groups from" field.
In the resource tree, select the group to which you want to assign delegated administration. (If you do not see a list of groups, see the Notes below.)
Selected the Edit Delegated Administration tab.
Use the drop-down menu in the Delegated Administration editor to select a role.
Click Add Role.
Roles that are allowed to administer groups must also have rights to access the authentication provider(s). If the delegated administration role you are assigning to the group does not have access to the authentication provider(s), a dialog box asks if you would like to grant access to the Provider as well.
- Click OK to provide access to the authentication provider(s) and assign the delegated administration role to the group.
- Clicking Cancel does not provide access to the authentication provider(s) and does not assign the delegated administration role to the group.
Check the box next to each administrative right you want to grant.
Click Save.

If you are using more than one authentication provider, it is possible to have a group in one provider with an identical name to a group in another provider. When you set Delegated Administration on a group, an administrator in that Delegated Administration role will be able to administer that group in all providers that contain that group—IF the administrator also has Delegated Administration rights to those other providers.

Notes: If a list of groups is not displayed, make sure you have built a group hierarchy tree for the authentication provider. If after that you still do not see a list of groups, the authentication provider probably does not allow read access (see View Security Provider Properties to find out). However, you can activate a text field for group name entry for authentication providers that do not allow read access.

If you are using an RDBMS authentication provider, be aware of case sensitivity when looking up groups. For example, group "Managers" is different than group "managers.