Create a Role that can Manage users/organization but not assign one to the Admin role

Maybe I’m missing something.
But it seems like that in order for an agent to be able to add users/organizations without a ticket, that they need admin access to the users/organizations.

But with admin access they are also able to set a user to Admin.

Am I missing something?

This is not possible, to make it super short.

Edit: Quite a quickshot from me.

Admin-Rights to not exist for Organizations, but especially “shared organization” is a potential data security issue which you don’t want to hand to everyone.
As for users/customers: You can do that with normal agent right.

The only thing you can’t do at that point is resetting a password or changing rights

Not really, when yuo dont’ want to open a ticket.
The scenario here is to create clients before they have the need to open a support ticket.

Currently, an agent can only create a new client via the new ticket screen. Right?

That’s absolutely correct. As soon as you allow your person to organize users within the admin settings, he can assign roles and stuff.

The only workaround I currently can think if is a custom API script that does the trick for you.
(https://docs.zammad.org/en/latest/api-intro.html)

I’d like to correct that answer slightly, with the new release there is a possibility to organize organizations with a right tick.