Users with the "Manage Users" permission should *NOT* get an error when changing another user's profile with "Modify All Data"
Last updated 2020-01-24 ·Reference W-2922695 ·Reported By 10 users
There is currently a validation the prevents a user with the "Manage Users" permission and without the "Modify All Data" permission to change the profile on another user to a profile that contains "modify all data" OR to remove a existing profile containing "modify all data".
However, this same "Manage User" can remove or add the "modify all data" permission to any profile or permission set so this system validation is not really helping with separation of duties and is in fact a hinderance to separate a pure "user administrator" from a "data administrator".
Give a user the "manage users" permission.
Have them try to update a profile without "modify all data" to include "modify all data" - for example - there will be an error that they don't have permission to do this.
Have a user with Modify All Data make the change or use Delegated Administration.
Is it Fixed?
Any unreleased services, features, statuses, or dates referenced in this or other public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make their purchase decisions based upon features that are currently available.