I'm in the process of creating user administration roles for positions like 'help desk'.
These roles need to have the following limitations:
- can only assign roles/privilges for specific user groups, and not others. (attribute MX_ADMIN_UNIT)
- cannot assign roles in Dev/Test repositories, only production.
I understand using access control on tasks to create a filter specifying which user groups a user can complete assignments 'on behalf of'.
However, I haven't found a similiar way to limit the respositories this help desk role can assign roles to.
Has anyone dealt with this type of requirement?