Okay let me explain what I mean here.
You have a site collection. You have 3 groups there -
- IT - the control all, overloaded people. Bottleneck as usual.
- Power users for Department X = GROUP A
- Users of Department X = GROUP B
Now, IT wants to reduce it's workload, and wants to:
a) Allow Group A to manage users of Group B
b) Not allow Group A to manage security anywhere else.
c) Allow IT itself to manage security wherever the hell they please.
How would you do it? Well, here is how.
- Create a custom security permission level, remove the "Manage Users" and "Create Groups" permissions. (How to create custom security permissions?)
- Create a SharePoint group called Group A, give it the security permission level you setup in #1.
- Create a second SharePoint Group called Group B - and specify it's owner as Group A. This works since both SPGroup and SPUser inherit from SPPrincipal, which inherits from SPMember. And SPGroup.Owner is of type SPMember.
Thats it !! ;-). now Group A can manage Group B, but nothing else.