This came up in a user training today.
Currently I seem to be able to give admins the ability to add a new user to any group, or take that ability away - it's all or nothing.
IOW if an admin creates a new user, she can add that user to any available group, if I've given her group control over Permissions - or she can't add them to any groups at all, if I haven't.
What I think would make sense is to be able to restrict admins so that they can only add users to groups that they (the admins) themselves belong to.
So if I have editorial (Content Editor) users who also have the ability to create new accounts, they can't put the new user (or themselves!) into the Administrator role, but they CAN add the new user to a Content Editor role.
Anyone know of an approach to this? With any luck I've simply missed something in the existing perms setup...