Hi, I have a use case as follows:
I want to delegate the following permissions to my administration staff:
1. Read/Write/Create/Delete users created by them ONLY (but they cannot Read/Write/Create/Delete other users who are not created by them) => otherwise, they may modify the Administrator or my passwords or details too.
=> also means the admin staff cannot see "Guest", "Administrator" and "my account".
2. Admin staff can assign roles for the users they created ONLY, but they cannot change their own role.
3. Naming Series: Read/Write/Create/Delete
4. Company: Read/Write/Create/Delete
5. Global Default: Read/Write
6. Letter Head: Read/Write/Create/Delete
7. Print Heading
To achieve the above, I created a "System User" role and added permissions for 3 - 7. However, for 1 - 2, I cannot figure out how to do it.
I have tried to restrict the user permission by setting properties, but I found there is a bug (see attached screenshot). => It said "it shows user Created By = michaellam@xxxx", but it is not true. I checked the database: when "michaellam@xxxx" created a user, the owner is not "michaellam@xxxx"; only the "modified_by" column is "michaellam@xxxx".
Can anyone kindly tell me how to achieve the above 7 items (especially items 1 - 2)?
Many thanks,