I have been tasked with re-designing our rights model such that only a couple of individuals in our system have full Administrative Control. The biggest issue is that management does not wish for everyone in our team to have access to adding individuals to groups or adding rights to individuals, but we need those people to be able to create admin-side resources.
The situation is:
- Only 2-3 people should be able to view specific financial information we are considering adding to resources
- Currently all of our administrators can add rights and resources to groups, so they can essentially add the rights to view restricted information pages to themselves
Is this even possible? My research so far shows that "Administration - Authorization" grants rights to allow you to add resources to groups. Is there any other solution that we can do?