I have been tasked with re-designing our rights model such that only a couple of individuals in our system have full Administrative Control. The biggest issue is that management does not wish for everyone in our team to have access to adding individuals to groups or adding rights to individuals, but we need those people to be able to create admin-side resources.
The situation is:
Is this even possible? My research so far shows that "Administration - Authorization" grants rights to allow you to add resources to groups. Is there any other solution that we can do?
In short, "No I don't think so"
I have seen a similar requirement solved by a (rather complex) suite of custom objects and jobs - i.e. users create "new resources" as instances of a custom object and then a job creates the actual resource via XOG. Gets really complex when rights-administraton (of selected rights) is required as well.
I thought that this would be the case but was hoping it wouldn't be. Thank you for the quick response, David.