I am trying to limit some users to only updating a user’s password for when a user is locked out. There is a group created that has access to the Security Admin permissions. I have then limited the access via the Security Admin permissions in the system configuration. When doing this a user with group permissions to the Security Admin can also create users can edit their permissions to make them a system admin.
Customer support service by UserEcho