Config option to disallow group admins from fully deleting users

[SimJoSt]

How to use GitHub

• Please use the 👍 reaction to show that you are interested into the same feature.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Multiple times we have encountered situations, where group admins have decided to delete users, that weren't meant to be deleted. Either caused by miscommunication or too little knowledge.
Sometimes group members were supposed to leave the group and were also using the account privately, not just for the group, and a full deletion was not in their interest.

The docs about group admins don't even mention user deletion capabilities: https://docs.nextcloud.com/server/28/admin_manual/configuration_user/user_configuration.html#:~:text=to%20any%20groups.-,Group%20Admin,-Group%20admins%20are

Edit 2024-05-10
It is mentioned once: https://docs.nextcloud.com/server/28/admin_manual/configuration_user/user_configuration.html#granting-administrator-privileges-to-a-user

Describe the solution you'd like
An option to disable user deletion privileges and permissions from group admins.

Describe alternatives you've considered

1. Completely remove user deletion privileges and permissions from group admins, without a configuration option.
2. Allow group admins to only disable users.
3. Add a general retention period for deleted users of a configurable timeframe. Each "deleted" user would stay in an inactive state for 30 days, before the final deletion. Allowing admins to reverse the action as soon as somebody reads the notifications emails or unsuccessfully tries to access data from the account.
   Maybe the account could be automatically reactivated, if the users logs in again.

Additional context
The process of restoring user data, not just files but app data, manually by tinkering with the database, is super complicated and should always be avoided.

[dermalikmann]

This seems to be related to #7482 and #11334

[solracsf]

The docs about group admins don't even mention user deletion capabilities: https://docs.nextcloud.com/server/28/admin_manual/configuration_user/user_configuration.html#:~:text=to%20any%20groups.-,Group%20Admin,-Group%20admins%20are

[dermalikmann]

The docs about group admins don't even mention user deletion capabilities: https://docs.nextcloud.com/server/28/admin_manual/configuration_user/user_configuration.html#:~:text=to%20any%20groups.-,Group%20Admin,-Group%20admins%20are

To be fair: The bulletpoint you highlited is only telling the reader about the interface capabilites.
The fact that group admins are able to delete users is mentioned further down the page, and could be misunderstood by a non-native english speaker as meaning "removing a user from the group", as people seem to interpret the title "group admin" a differently as its used in the NC ecosystem (as shown by the referenced two issues)

[SimJoSt]

Thank you for the comments. I have updated the original post to take the information into account. Even as a non-native speaker, the paragraph about the capabilities of group admins at https://docs.nextcloud.com/server/28/admin_manual/configuration_user/user_configuration.html#granting-administrator-privileges-to-a-user are clear and make sense to me.
Why I didn't find it on the first try, is beyond me. It shows that it is possible to miss it and not realize it when you assign group admins.

We will need to rethink our Nextcloud instance structure, to prevent further data losses, by accidental deletes from incautious group admins.