I want to give my helpdesk the ability to look up an end user on the end user page and then click the 2 check boxes under service settings for:
Home Cluster
Enable User for Unified CM IM and Presence (Configure IM and Presence in the associated UC Service Profile)
I created a new role base on the Standard CCMADMIN Read Only and uncheck all of the check boxes with the exception of user pages.
I created a new Group and added my new roll and the Standard CCM Admin Users role to my new gourp which is called helpdesk.
My issue is the users I have added to the new group Helpdesk have the ability to add themselves to a higher group such as the super user group.
Is there a way to prevent a user from escalating their own priviliages?