When you set <add key="UseRelatedSiteMode" value="true"/>, that means that all user IDs and roles are shared among all sites. If you want the membership and permissions to be distinct in each site, you need to set this to false.

I think you can do this as long as you do the step "I want to allow user's to create a group (child site)" yourself, rather than allowing users do that. The reason is that in order to create a child site, a user has to be administrator on the main site, which I really don't think you want.

I think your general workflow could be:

1. Trusted user requests a new site.
2. You create the new site, add the user to that site as administrator, and let them know that it's ready.
3. They go ahead and set up the new site as they want.
4. Other users would register on the new site.

This way, each user would be the administrator of only their own site.

As an alternative, you might want to consider the mypage feature, although this might not be as flexible as you want.

Jamie

I think you should think of Roles as Groups, it is conceptually the same thing, you create a role and add members to the role and you have users grouped into roles and permissions are based on role membership. So a separate concept is not needed for Groups.

You can create top level pages that can be edited by specific roles and when they create child pages below that they automatically inherit the same role permissions, so you can easily create sections of a site that can only be edited by specific roles (other than admins and content admins which can edit anything). So it is easy for organizations to delegate edit permissions to certain sections of their site to certain groups of users within their organization by using roles.

Best,

Joe