I want to have user rights split into two. Some of the policies at the client's side mention that we should have a seperate user who has only the rights to add users and nothing else, and the Site Administrator should not be able to add users.

As of now, the Site Admin is used to Add users and to manage other configuration. Can we remove the User Addition role from Site Admin?

Is there a way to create a new User Role by writing some code?

+1  A: 

I don't think it is possible to remove any permissions from the site administrator. You could do something wild like add security code to your master page, however. That could detect the current user and the current page, and throw an error if the site administrator were in the wrong place.

I am not sure whether this is possible or not, but I am also trying to find out if we can get an alternative. WE have to do this some how!!
+1  A: 

You can create a custom permission level, provided your permission sets summarise to one of the options offered by the SPBasePermissions enumeration. Unfortunately there is no specific 'add user' permission, only ManagePermissions. For reference anyway, here's a basic code sample.

I think the best approach is that given by strongopinions where a piece of code runs to check who the user is if they visit the Add User page.

Alex Angas
Thanks Alex. Let me have a look at this too. Will update this shortly.

related questions