Assign a responsible member to manage group membership

[AustinGrey]

Hi everyone, I'm working on my first Joomla website to replace an old system. In that system there was a very basic user management section, where I could define groups and users, and say if a user belonged to a group. There was another important feature - I could also assign a user (not necessarily in the group) to be responsible for the group membership. But these users are typically end-users who shouldn't have access to the Joomla back end, or be able to see membership of any other group but the ones that they manage.

Is there a way to set this up in the ACL, and if so are there any guides to point me in the right direction? Any help would be appreciated.

I tried looking up User Group Ownership Joomla, but that's littered with UNIX file permissions topics, and it seems that there are enough other topics on ACL that it clutters the results any other way I go looking, so I apologize but I haven't really found much in the way of other solutions to try yet.

[Webdongle]

In Global config you can set a user group to sign in admin but leave 'Access Administration Interface ' Inherited Not Allowed.
Then in Users >>> Options Allow 'Access Administration Interface ' and Create and Edit own.

Users in that Group can then login to /administrator and only see the Users menu. They will be able to Create Users, User Groups, users viewing access levels etc. And only edit the ones that they create. But they will be able to set that user to any user group.

You will need to trust your users to stick to creating/editing users for the user group you tell them.

[AustinGrey]

Thank you very much for your response. Although it isn't exactly what we need it seems to be a safer bet than creating our own user management component right now. I will definitely give it a shot!

If that doesn't work, and if you have time to answer another question, is there anything stopping us from looking into editing the values in the Joomla user, usergroups, viewlevels, etc tables ourselves in a house made component? We're intermediate PHP devs, so if it's not an expected use case/dangerous I can see that not being an option to take.

[Per Yngve Berg]

I have previously suggested that the Joomla Category System is implemented in User Manager. By putting the users into categories, managers can be set to the categories so only users in a given category is allowed to be changed.

It will solve the OP's issues. It requires replacing two plugins (Joomla User and Joomla Authentication)

[sozzled]

I have previously suggested that the Joomla Category System is implemented in User Manager. By putting the users into categories, managers can be set to the categories so only users in a given category is allowed to be changed.

Perhaps this is my misunderstanding from the translation.

I am not aware of the "Joomla Category System". Perhaps we are talking about User Groups (i.e. ACLs)? It would also help if we might see where this suggestion was previously made with a URL link. In any case, while the brief information may be on topic, I think it would help if there was a more comprehensive explanation than simply stating how the "Joomla Category System"—I don't understand what that means—will address the problem.

It will solve the OP's issues. It requires replacing two plugins (Joomla User and Joomla Authentication)

Again, it may help to know what these two plugins should be replaced with.

Thanks. Looking forward to more information on this subject that may be of interest to many site administrators who need this level of granularity for administering users.

[Webdongle]

I have previously suggested that the Joomla Category System is implemented in User Manager. By putting the users into categories, managers can be set to the categories so only users in a given category is allowed to be changed.

...

I think he means that Users can be allocated to categories. i.e. By default can view all categories their user group has access for. But (by editing values in the user add/edit screen) can be restricted to specific categories. That way when the user group (they are in) is given Create and edit access ... they can only Create/edit users in categories they are assige to not all the categories that their User Group has access to.

[sozzled]

Thanks, @Webdongle, but I'm not sure it answers my question and I'm not sure if it answers the OP's question.

I understand about associating users with article categories (so that authors, editors and publishers are able manage website content). However, the subject of this topic and the OP's first post, is also a little unclear. Perhaps I've misunderstood the original question.

My understanding of the question was about how a site owner could delegate to another person or persons the task of recruiting, registering and therafter managing subsets of the total user membership. For example, suppose you had a club that comprised "management", lawn bowls, tennis, darts, sewing, etc. Let's say you wanted to delegate some of the members to be responsible for allocating members to the "management" team, to allocate members to the lawn bowls membership, to the darts members, etc. I think that was the kind of thing implied in the original question.

I addition to giving people delegated powers to manage subsets of the entire user population, there is also the matter of allocating the privileges necessary to allow members of those subsets to be able to work with content used by those subsets if you follow my meaning.

The part that I don't understand is the part I inferred in the area of delegation of powers over the Joomla User Manager feature or with various parts of it.

[AustinGrey]

Hi @sozzled, I'm just confirming that your example is correct, thanks for your help. I am envisioning a system where one User Group is set to be in charge of managing who belongs to another User Group. For a more business oriented example, you might have an HR department in charge of hiring, and a Publishers team that has access to a publishers only component page. The people in the HR group should be the only ones allowed to give a new publisher access to that publishers group - which gives them access to that component.

[Webdongle]

Although User Group Create edit etc Permissions can be can be set per categories (and Articles) ... the Users Create edit etc Permissions can not. If you give a User Group Create/edit Permissions in User Options then they can Create/edit users and assign them to any User Group.

[sozzled]

Ah, I think I've found the source of my misunderstanding. Thanks, @AustinGrey, for confirming the question.

I probably took @Per's reply too literally:

I have previously suggested that the Joomla Category System is implemented in User Manager.

I suspect that the true meaning, if I rewrite it, is this:

"Some time ago I made a suggestion to the Joomla community for the User Manager facility to incorporate a 'user category system'. By putting users into categories, managers can be assigned to the categories so that they have control over only those users within those categories.

"This feature does not currently exist in Joomla. I believe that it would require rewriting two plugins."

Perhaps that addresses your question? I think @Webdongle's reply immediately after the original post in this topic is probably the best answer you'll get. As he stated, it involves an element of trusting your delegated users to use their privileges responsibly but it's also comforting to know that, as a superuser, you have to means to fix up their mistakes (if they should make any).

Yep, I think it would a real bonus if a future version of Joomla incorporated the facility as I understand that @Per outlined it. Cheers.