This module allows site builders to set up fine-grained permissions for allowing "sub-admin" users to edit and delete other users — more specific than Drupal Core's all-or-nothing 'administer users' permission. It also provides and enforces a 'create users' permission.

See the README.txt file for a full explanation of the permissions.

UPDATE - the new version has a dependency on chain_menu_access which you will need to add when you upgrade. This handy module gives much better co-operation when using multiple access modules together, plus it simplifies the code.


Recent fixes have improved the compatibility with other modules that alter the permissions or interface for user admin. Even so, if you are using other modules please test the combined function carefully. See the following issues that document the interaction with particular modules:

Drupal 8

The Drupal 8 version of this module is under active development and will be released shortly.

Drupal 7.x.2.x

Version 2 of the module fixes various security problems in version 1. There is a new version because the instructions and permissions are a little different. Your permissions should upgrade automatically, but it's important to check.

Version 2 of the module was sponsored by AlbanyWeb.

Drupal 7.x.1.x

Version 1 of the module was originally written assuming sub-admin users would have the permission 'administer users', which was later discovered to be insecure. This version will be deleted once version 2 is a full release.

If you choose to use this version, you either need to

  • grant the sub-admins 'administer users' permissions and trust them not to exploit the insecurity
  • leave 'administer users' off, and accept various functions won't work.

Drupal 5.x and 6.x

This module is no longer supported for Drupal 5.x and 6.x.

Project Information