- Test environment, not in production.
- A User manager (UM) is logged on WebUI.
- The UM is trustee "Owner (Managed by)", Scope "Users"; subtree.
- The given OU (in the example called Distrikt Nord) is "Managed by" a security group where the UM is a member.
- UM is not member of any security groups pointing to underlying OU's.
When selecting "My managed Objects", the UM can see underlying OU's (in the example "Institution N"), for which he is not manager (Owner).
Okay, the UM has no rights to perform user management in the OU (Institution N), but we expected this OU to be hidden from the UM.
Actually, we expected the "My managed objects" to be a flat representation of OU's, rather than a hierarchically one.
When adding a user to a security group, the UM gets all users displayed.
We expected only to see a list of users, for whom UM was user manager for.
In the given example, the UM should only be shown the users "Test Et" and "Test Tre", because he is user manager for those two users only.
If put into production, I do not think it would be a god idea to list +3500 users :-)
- Thanks in advance