Hi Yaseen,

If you go to your application menu and write Debug,You will get a lot of Debug options, click on 'Enable all'

Now impersonate the profile you are testing with and go to the group of which the user is manager of - if you still don't see the edit option to add users to the group that means something is wrong with the Write and Create ACLs

You can check all the ACL restrictions in the Debug logs

Now You can see there are 4 circles for each ACL,

1. The 2nd Circle is for roles given in the ACL

2. 3rd Circle is for the Condition statement in the ACL

3. 4th Circle is the Script in the ACL

When you click on the  record/sys_user_grmember/write, it will open the ACL, you can open the ACL and check for the roles/condition/script whichever is restricting the user to edit the table. In this way you would be able to edit the ACLs which are restricting the user.

Now in my case its working with the changes in ACLs

You don't need to give user_admin role separately, what you can do is remove the roles from the roles section and include that in the script-

if(gs.getUserID().hasRole('itil') || gs.getUserID().hasRole('user_admin'))
{
if(gs.getUserID()==current.group.manager )
{
answer=true;
}
else
{
var rmAPI = new SNC.RoleManagementAPI();
if (!rmAPI.isAllowedToGrantGroup(current.group))
answer = false;
else
answer = true;
}
}

If you see that your condition manager is dynamic me is giving you error while debugging then try and include the group manager is current user in your script-

if(gs.getUserID()==current.group.manager )
{
answer=true;
}

I think this time it will work out for you. 🙂

Dear  kumamano

Many thanks for your response, but I'm totally confused I've tried to debug but didn't find an error. 

Dear kumamano,

Could we have a team viewer session to check case