This post seems to be getting off topic. rupreck has a very legitimate concern here that I just discovered as well. That is how I found this post. A lower level staff member with access to manage customers can completely lock out any and all Global administrators and then self promote themselves to Global administrator.
For a temporary fix, is it possible to only allow access to the "Customer Roles" tab in Customer Details (administration/CustomerDetails.aspx) for administrators with the "Manage Customer Roles" privilege checked in the Access Control List? Or, more realistically, remove this tab for administrators without this privilege.
For a temporary fix, is it possible to only allow access to the "Customer Roles" tab in Customer Details (administration/CustomerDetails.aspx) for administrators with the "Manage Customer Roles" privilege checked in the Access Control List? Or, more realistically, remove this tab for administrators without this privilege.
Wondering if this issue got resolved and what the solution was. toddg, I agree with you.
Please advise if you have come across a solution. I need staff members to grant/deny access to their customers but not become global admin themselves.