+ Start a Discussion

Allow reset of passwords but not able to add new users?


Is there a way to set up a user with the following limited admin rights?

- Not able to set up new users

- Able to reset passwords on existing users


Due to how the security is set up, I need to restrict who can add users and put them in the proper level of hierarchy.  But, I want to have someone able to reset passwords if I'm not available.





Try this:


If you create delegated admin groups using the normal documented steps, users in these groups can perform all "Delegating Administrative Duties" which comprises of:

* Creating and editing users and resetting passwords for users in specified roles and all subordinate roles, including setting quotas, creating default sales teams, and creating personal groups for those users
* Assigning users to specified profiles
* Managing custom objects created by an administrator
* Edit User details (e.g. Role, Marketing User, Allowing Forecasting...etc)

But if you have a requirement of defining a group of users who should not have any of the admin duties above except for resetting passwords then you can use the steps below:

1. Click Setup | Security Controls | Delegated Administration.

2. Click New.

3. Enter a group name.

4. Click Save.

5. Click Add in the Delegated Administrators related list to specify the users in this delegated group.

6. Use the magnifying glass lookup icon to find and add users to the group. The users must have the "View Setup and Configuration" permission.

7. Click Save.

8. Click Add in the User Administration related list to specify the roles and subordinates for this delegated group.

9. Use the magnifying glass lookup icon to find and add roles. Delegated administrators can reset passwords for users in these roles and all subordinated roles.

10. Click Save.

IMPORTANT: Make sure no profile is specified in the Assignable Profiles related list.


I'll give this a try.  


We have some Chinese walls between departments that complicate things.  We had a user added in the wrong level of hierarchy so we want to limit the ability to add users.  But the next twist is giving someone authority to reset passwords.


I know the user can click the link to reset their password themselves but that would be too easy and makes too much sense!


Thanks for your help...I really appreciate it.