Clarity

Manual user creation involves assignment of rights and assigning the new user to groups. If Admin wants to delegate this task of creation to a new users(less than admin) can he restrict the new user from getting all rights added to him and become admin?

is it possible to assign rights to a user who should be able to create new user but can only assign selective rights or put newly created user in selective group only.

e.g A user X should be able to create new user X1 but X should not be allowed to assign all the available rights/group to this X1 but selective one.

You could do this through a custom object

i.e. 

• Non admin creates object instance with details, pick groups etc
• Process initiates as admin with resource creation rights
• Reads the data in instance and checks
• loads resource
• post creation steps (emails etc)

Works well

Similar to
Rights to allow creating and administrating a user without allowing management of Groups or Rights? 

^ yeah, thats exactly what I was alluding to in that other thread.

Guess it could also be done as a process/job (i.e. without the custom object stuff) - as long as the "type" of user that you are trying to create is well-defined - so the admin-user just submits the job (with a parameter of "user type" or some such) and the backend does all the work.

I've also set up XLS solutions that do a similar thing ; just calls XOG with the relevent XML to create a user based on parameters captured in the XLS - but that was setup really for ease-of-use/consistency rather than for any security reasons.