Super-Admin and Admin for Usermanagement

masc1 · January 14, 2024, 9:13pm

Hi I’m using Nextcloud 27. My question is: is there a way to add an administrator that has permissions for creating users and user groups only?

The idea is: I want to manage a NC for a customer. The customer should not be allowed to change any admin settings but he should be allowed to create new users and user groups.

i found that there are super-administrators and group-administrators in NC (User management — Nextcloud latest Administration Manual latest documentation)

It says: Group administrators cannot access system settings, or add or modify users in the groups that they are not Group Administrators for. Use the dropdown menus in the Group Admin column to assign group admin privileges.

So the Group administrators is almost what i need (no system settings, this is good). But the Group administrator in my case should be allowed to create new groups and users and assign the users to the groups. Is there a way to achieve this? Thanks

wwe · January 15, 2024, 3:34pm

the closest setting I’m aware of is Admin right privilege — Nextcloud latest Administration Manual latest documentation but at the moment there is no dedicated “user management” privilige. seems there is no built-in way to fulfill your requirement now.

devnull · January 15, 2024, 4:04pm

Maybe you can use scripts for occ. Admin create files and a script executes commands.

occ user commands
occ group commands

masc1 · January 15, 2024, 10:33pm

Thanks for your answer! Yes i read the Administration Manual but unfortunately this restriction is not possible.

masc1 · January 15, 2024, 10:35pm

Thanks for the info! Can you describe this in more detail? You mean to create scripts with occ, but how can i execute them? - and how does this avoid a user for accessing the system settings?

devnull · January 17, 2024, 6:38am

Maybe you can use on your linux server cron from user www-data. The other people write with a csv file (or use a form wth php) e.g.

example.csv

useradd;username
userdel;username
groupadd;groupname
groupdel;groupname
addusertogroup;username;group
deluserfromgroup;username;group

(maybe you do not allow userdel, groupdel and deluserfromgroup)

Then the cron parse the csv and creates the correct occ commands for the user www-data. After that cron deletes the csv file for new imput.