I tried to play with cockpit for a nethserver-cockpit-delegation
like, all users I add to the group domain admins
have no administrative rights, only members of the group admins
could be eventually granted to administrative tasks, see https://github.com/NethServer/nethserver-cockpit/blob/master/root/etc/nethserver/cockpit/authorization/roles.json#L2
After that even if you create a group admins
the users belong to this group cannot be admin, you must create a sudoers file
probably a dirty hack
[root@ns7loc14 ~]# cat /etc/sudoers.d/30_cockpit_admins
Cmnd_Alias ADMINS = /usr/libexec/nethserver/api/*/*,/sbin/e-smith/validate
%admins ALL=NOPASSWD: ADMINS
# server-manager does not require a tty
Defaults:%admins !requiretty