This module allows site builders to set up fine-grained permissions for allowing "sub-admin" users to manage other users based on the target user\'s role.

The module defines new permissions to control access to edit/delete users - more specific than Drupal Core\'s all-or-nothing 'administer users'. It also provides and enforces a 'create users' permission.

The Drupal 8 version adds fine-grained control of assigning roles and viewing users, with an optional simple configuration mode.

Version 1.x

The module was originally written assuming sub-admin users would have the permission 'administer users', which was later discovered to be insecure.


See the README.txt file for a full explanation of the permissions.


Same function as 7.x-2.x, available as an alpha release, moderately stable. Requires core patches or workarounds.

Will eventually be retired in favour of 8.x-3.x.


New alpha release, not yet ready for live sites. Requires core patches or workarounds.

See the module help page /admin/help/administerusersbyrole for details.

Versions 2 and 3 of the module were sponsored by AlbanyWeb.


Recent fixes have improved the compatibility with other modules that alter the permissions or interface for user admin. Even so, if you are using other modules please test the combined function carefully. See the following issues that document the interaction with particular modules:

Related modules

To allow sub-admins to assign roles in D7, try Role Delegation.

Supporting organizations: 
Versions 2 and 3 of the module

Project information