Delegations allow configuration and assignment of specific Roles, Users, and Groups to be managed by other personnel. User Delegations can be found in Administration->Security & Permissions->Delegations.
Or, put another way, Delegations are what you use when you want to grant access to manage only a subset of users.
Default Delegation
The Default Delegation that exists by default can be updated by selecting the Edit option from the Actions menu.
The Details tab only contains the Name field for the delegation.
The Delegates tab details the roles, groups, and users that can be managed by this delegation. By default the only configuration here is the Everyone role indicating that this would allow users who have been granted user management permissions to manage all users in the system.
The Assignment tab allows configuration of the user, groups, and roles that will be able to perform the management of the delegates in the role. By default the Everyone role is assigned to this. Note: This does not mean that all users can manage other users, this will only apply to any user who have User Read/Update/Create/Delete permissions.
Creating a new Delegation
Select the Create option. We're going to create a Delegation that allows members of the Active Directory Domain Admins group to manage accounts in the Domain Users group.
In the Delegates tab go to the Delegate Groups option and begin entering the Domain Users group, the auto-complete system will begin filtering and should prompt this group as an option. Select this and it will be added to the list of delegates.
In the Assignment tab begin entering Domain Admins into the Groups option. As before, the auto-complete will display this should it can be selected.
Save the delegation and it will now be presented in the Delegations list and now be active.
