I am create a User Admin to manage stream access, user roles/custom properties and license allocation. He should only have QMC access but not be able to see any streams/apps in the hub.
To segregate stream allocation I have create a custom property that group the users. Dashboards are allocated to this group. The idea is to simplify stream allocation. When a new user on boards, the User Admin will only need to allocate this custom property and he will have access to the streams allocated to his group.
However, I found a loop hole where the user admin can just allocate himself a group and will be able to see the streams in the hub.
Anyone has any thoughts on how I can prevent this? Is this the best way to design a user admin?
Was thinking of a few methods but am not sure how to execute them:
1. Restrict user admin access to users by their user directory
2. Create rules to hard stop user admins from accessing hub