I have been looking for a way to delegate adding and removing users from groups through the MIM Portal to our Service Desk.
I have tried creating an MPR that grants read access to All Groups and All Group Attributes, and another MPR that grants Add and Remove Multivalues attributes for the Manually Managed Membership attribute.
Also, I have excluded these users from the NON Administrators set as well.
Currently they still cannot see any Security groups (I'm not managing Distribution Groups in MIM).
Is there something that I am missing?