
OktaBGI.92523 (Customer) asked a question.
I am looking for a way to provide RO access to user data, restricted to users in a particular AD or Okta group. Currently we have tried 2 options in Security Administration:
1) Admin account with RO privileges. Problem is this is RO to most if not all of the Okta config data and we need to restrict to user data only and preferably to only users with specific group membership.
2) Admin account with Group Admin privileges. Problem here is this will restrict the account to users in the specified groups and restricts it to user info, but it allows for update rights.
What we need is a hybrid of these, but assigning both roles gives the max privileges, not the least as privileges are additive.
Is there any way to do this that I am missing. Thanks

refer, groupmembershipadmin might have helps..
https://help.okta.com/en/prod/Content/Topics/Security/admin-role-groupmembershipadmin.htm