Feature Request: Hierarchical Group Management Permission for Delegated Users

[dahi1016]

Hello

Current Behavior
Currently, administrators can assign:

• Device Limit (maximum number of devices a user can create)
• User Limit (maximum number of sub-users a user can create)
  However, delegated users are not able to create or manage their own groups within the system.
  Even if a user is given device and user creation permissions, they cannot create sub-groups under a specific group assigned to them.

Expected Behavior

We would like administrators to be able to:
Assign a specific parent group to a delegated user
Allow that user to create and manage unlimited sub-groups under the assigned parent group
Allow full management of users and devices within their own group hierarchy
Restrict access so that they cannot see or manage groups outside their assigned structure
In short, delegated users should have hierarchical group management capability limited to their assigned group tree.

Use Case

This feature is especially important for:

• Multi-tenant environments
• Reseller structures
• Fleet management companies managing sub-customers
• Organizations with regional or branch-based hierarchy
  It would significantly improve scalability and administrative flexibility in larger deployments.

Additional Notes

This enhancement would align well with a more advanced RBAC (Role-Based Access Control) model and hierarchical permission structure.

Please let us know if this is currently possible via configuration or if it could be considered for a future release.

[tananaev]

What exactly do you mean by sub-groups? Are you talking about "user groups"?

[dahi1016]

Yes, I am referring to user groups.

Just like we can grant a user permission to create devices (Device Limit) and create users (User Limit), we would also like to allow certain users to create sub-groups under a specific group assigned to them.

For example:

• As an admin, I assign the “Istanbul” user group to a user named “abc”.
• The user abc should then be able to create sub-groups under Istanbul, such as:
  • “Üsküdar”
  • “Beyoğlu”
• The user should also be able to assign devices and users within those newly created sub-groups.
• However, this permission should be limited strictly to the “Istanbul” group hierarchy and not affect other groups in the system.

So yes, we are specifically talking about hierarchical management of user groups, where a delegated user can create and manage sub-groups under an assigned parent group.

[dahi1016]

Hi, I just wanted to check if there are any updates regarding this issue.

[tananaev]

No updates. So far I don't see any interest from the community, so we'll have to wait.

[dahi1016]

Hi @tananaev,
I would like to emphasize that this feature is extremely important for our deployment plans.
We are planning to manage and track 3,000+ vehicles, and without hierarchical group management and delegated administration, user and device management becomes very difficult at this scale.
The ability for delegated users to create and manage sub-groups only within their assigned parent group would significantly simplify administration and improve operational efficiency.
For large-scale and multi-tenant deployments, this feature is not just a convenience but a practical necessity.
If possible, I would greatly appreciate reconsideration of this feature for a future release.
Thank you for your time and continued support. I look forward to any updates regarding this request.

[tananaev]

I'm not rejecting it. Are you interesting sponsoring the work? If not, then you would need to wait until we have enough interest.

[dahi1016]

Thank you for the clarification.

At the moment, I am not planning to sponsor the development. However, I would like to emphasize that this feature would be extremely valuable for large-scale deployments.

We are planning to manage more than 3,000 vehicles, and as the number of users, groups, and devices grows, delegated administration becomes increasingly important. The ability to create and manage sub-groups within an assigned parent group would significantly simplify user management and reduce administrative workload.

I believe many organizations operating in multi-tenant or reseller environments could benefit from this functionality as well.

I hope this request gains enough interest from the community and can be considered in a future release.

Thank you for your work on Traccar and for keeping this request open.