Hi Jason, I found something which is almost what I want. I added a new group called "subadmin" and gave users in this group access to several admin modules, in Config.pm: $Self->{'Frontend::Module'}->{'Admin'}->{Group} = ['admin','subadmin']; $Self->{'Frontend::Module'}->{'AdminUser'}->{Group} = ['admin','subadmin']; $Self->{'Frontend::Module'}->{'AdminGroup'}->{Group} = ['admin','subadmin']; etc... The only problem this has is that a subadmin can create and edit users and so he can make himself member of the admin group and do everything. So all I need is a restriction that a user which is not a member of the admin group, cannot put users in the admin group. This way a subadmin has control over all users and groups, but not admin. He could still disable real admins, but that's no real issue for me, since I always can restore it in the database and revoke his subadmin rights :) HTH, -- Kind regards, Richard Hinkamp richard@besite.nl ................... BeSite Internetdiensten www.besite.nl