An administrator’s right to create, modify and delete other users is defined by the administrator’s access role. The access role includes a list of access functions as well as a list of which access roles the administrator can configure.
At the bottom right part of the Access roles window, opened from the User account window or via Organisemenu choice, you find the Can modify/ create user with access role title. This is where you see the roles a selected role is allowed to administrate. To view or modify the access functions for a specific role, you first select the role in question in the list under the Access role title.
Under the Selected title you see which roles the specific role is allowed to administrate. If the role is to administrate other roles you select them from the Available list.
You move selected access functions from one list to the other by clicking on the corresponding arrow button.
An administrator can never create/delete a user with more comprehensive access areas than the administrator himself. However, an administrator can modify such a user.
A set of roles should be shaped so that they form a hierarchy with regards to which roles may administrate which other roles.
A role at a lower level in the hierarchy is always subordinate to a particular role at the level immediately above in the hierarchy. The fact that a role R2 is subordinate to a role R1 means that an administrator with the role R1 is allowed to administrate users with the role R2. Note that a role can be subordinate to itself.
