We have a user administrator role who should only be able to view/create/edit users with access settings within their division.
The user administrator role is configured with division level access to view and assign business units. We also needed to enable system level view access to the organization entity (otherwise access settings weren’t displayed at all). Now our user administrator can create/edit users and give them access to business units.
The problem is they can see and grant access to ALL business units. A user administrator with limited access can easily create a new user for themselves with unrestricted access to all business units.
Is that how it’s supposed to work? It seems like something’s missing in the rules to determine what business units a user can assign in the access settings of a user record …
You must be logged in to reply to this topic.