From e4b3104399fcd2560fa6d6cb04ee39a6f652ea26 Mon Sep 17 00:00:00 2001
From: Andy Butland <abutland73@gmail.com>
Date: Thu, 3 Apr 2025 10:51:45 +0200
Subject: [PATCH] Remove admin permission on user configuration, allowing users
 with user section access only to manaage users and groups. (#18848)

---
 .../Controllers/User/ConfigurationUserController.cs          | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/ConfigurationUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/ConfigurationUserController.cs
index 7c9723c744..915158a92c 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/User/ConfigurationUserController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/User/ConfigurationUserController.cs
@@ -1,15 +1,12 @@
-using Asp.Versioning;
-using Microsoft.AspNetCore.Authorization;
+using Asp.Versioning;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.Factories;
 using Umbraco.Cms.Api.Management.ViewModels.User;
-using Umbraco.Cms.Web.Common.Authorization;
 
 namespace Umbraco.Cms.Api.Management.Controllers.User;
 
 [ApiVersion("1.0")]
-[Authorize(Policy = AuthorizationPolicies.RequireAdminAccess)]
 public class ConfigurationUserController : UserControllerBase
 {
     private readonly IUserPresentationFactory _userPresentationFactory;