Skip to main content

Articles in this section

See more
Print

How to allow membership changes only for groups located in the Admin Unit scope and Additional scopes

  • Updated

How to allow membership changes only for groups located in the Admin Unit scope and Additional scopes

Summary: This article contains step-by-step instructions on how to allow membership changes only for groups located in the Admin Unit scope and Additional scopes.

Applies to: Cayosoft Administrator 7.2.x and later

Configuration

To manage who can change group memberships in Cayosoft Administrator, it's important to understand how Admin Units and Additional scopes are used to define visibility and control. These scopes limit what resources (like groups) a user can manage based on their role. You can configure and view these scopes when setting up a Delegation Rule and assigning a user or admin to a specific Admin Unit.

If you're unfamiliar with how users and groups are displayed based on scope, see this article about the AD Users web query — it demonstrates how visibility is controlled by Admin Units and Additional scopes.

When you delegate access to one of the following web actions, the delegated user would be able to remove any group from the Member Of list:

  • User Properties web action.

  • Add to Groups web action.

  • Compare Membership web action (Active Directory).

If you have a set of Active Directory groups that are managed centrally and you do not want to delegate the Admin Unit administrators permission to remove accounts from these groups, you can restrict that access further by changing the Allow membership changes for these groups setting on these web actions. In this case, delegated administrators will be able to change membership only for groups located in the Admin Units scope:

  1. In the Cayosoft Administrator Console, navigate to Configuration > Web Portal > Web Actions.

  2. Select the User Properties, Compare Membership, or Add to Groups web actions.

  3. Open the More Options section.

  4. Set the Allow membership changes for these groups to Only groups located in the Admin Unit scope and Additional Scopes. You might also need to set the Additional Scopes setting on the AD Users web query. See the AD Users web query article for details.

  5. If you use the Compare Membership web action, you should also set Allow to edit membership to Yes.

  6. Save changes.

© Copyright 2013-2026 Cayosoft Inc. All rights reserved.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.