Security levels inside Managament

@emre I just noticed an issue: If I create a new role and define management permissions, I cannot give access to Users.Role List to that role, otherwise they can go in and change the management permissions. That’s is fine.

However, if I give the role access to Users.User List, which typically you would do, as you would want to say allow a manager to add new users, the user can also delete any user, including the ones with “higher” permissions than themselves. This essentially means if we have a “support” role with full permissions, then a “manager” role with management permissions set but access to create new users, the manager can delete the support user and therefore remove all admin / support access to the system. The only way to fix would be going into the database and re-creating the user manually via the database.

Is there any way we can have something in place to stop this happening?


@emre Products.Product List is not working but Products.Price List Editor working well what might be the issue?

I got it, I needed to restart, Thanks

1 Like

how about management permissions to add the users and change the password of existing users

Pretty sure you can already do that, you can limit exactly what options under the main settings that people can access and give bespoke permissions

It shows you above how to configure it


Hi Mark,
Did you found any solution to prevent a non-admin users to add a user to a user role with a admin flag?

Jakes, there is a huge thread which I started a while back that can allow a non admin role create a user and only a specific role.

This was perfect, you just create an AMC button and map it to whoever can use it.