It was found that users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user objects. It's undesirable that users that are supposed to have access only to their organizations can edit global admin accounts including changing their passwords. This issue affects Foreman 1.5 and newer. Upstream bug: http://projects.theforeman.org/issues/19612
Acknowledgments: Name: David Caplan (Red Hat)