How do I design one or more Security Roles to meet the following criterias:
A user can only be added to a group within a given scope when:
1 - The user requests membership to a given group for himself.
- or -
2 - A user, that is member of (for example) "All user managers", requests membership to a given group for another user.
Actually #2 is working, but I cannot get the "self" to work, without giving the user rights to add other users to groups too :?
Membership may requires approval by the group manager, but that workflow is working too.