Execute Privilege: grant-my-privilege
A user with the grant-my-privileges privilege can assign privileges that they already possess to roles that they are allowed to modify. This feature works in conjunction with the “data roles” feature. The grant-my-privileges privilege is useless in isolation, as its only purpose is to assign privileges to roles.
To access the grant-my-privilege feature:
Click Security in the left tree menu. A list of security items appears.
Click Executive Privileges.
Look in the Privilege column and scroll down until the grant-my-privileges link appears.
Click grant-my-privileges . The Execute Privilege screen opens.
Select the roles to assign to the privilege.
Click OK when you are done to save the changes.
The precise set of privileges that a user can assign is determined by the privileges that they already possess. It is not possible for a user to assign a privilege that they do not possess (admin, for example). If a user attempts to change the privileges associated with a role, the request will succeed if (and only if) the following conditions apply:
The user has the “grant-my-privileges” privilege. A user without this privilege cannot make any changes to the privileges associated with a role.
The user has the “create-data-roles” privilege and the necessary granular edit privilege for the role that they are modifying. Without these privileges, they cannot modify the role.
The user possesses all of the privileges that they are attempting to add or remove from the role.