EDIT: So far, trying the method below my "restricted" user can't see the User Manager menu item in the gui, so even if the other changes I made are correct, I can't test them. I'm no coder, so I'm still looking for exactly how the menus are drawn.
I'm making a start into this. I looked into /etc/inc/priv.defs.inc to find "interesting" php file names. From there, I started looking at files in /usr/local/www to see what is there. Here is my general plan:
Make a copy of system_usermanager.php to system_usermanager_restricted.php, modify the copy to remove functions I don't want the restricted user to be able to do.
Go to /etc/inc/priv folder and create a custom usermanager_restricted.priv.inc file and point the options therein to /usr/local.www.system_usermanager_restricted.php.
I don't know if everything I want to restrict is in that one file. At this point, I'd like my restricted user to be able to :
Create a new user
Set username for new user
set password for new user
tick the box to create a new cert for the user
save new user.
POSSIBLY delete users.
Caveats I see are that it is possible that the custom files I create could be removed during a future upgrade, so I'm going to have to keep a copy of the custom files off box just in case. Also, if the file DOES get deleted, I'm not sure what happens to the user that is relying on those files for its rights - I assume that other rights will remain, but they would loose access to the customer user manager.
If anyone has any feedback on my proposed process here, I'm all ears. I don't "know" php, but I can generally figure things out from code that is already written. This is likely going to take some trial and error (mostly error) on my part, so any hints would be appreciated.
