Sitecore security: Create an read only user manager

Recently I had a strange requirement from our client: they want to have a user account that has no access at all expect of the Sitecore backand and the use manager. 

Further they want to have that the user could only have read access inside the user manager. 

And yes it is possible to restrict access to those specific requirements.

See below sreenahots:

Validation of viewstate MAC failed

Solution

I copied a whole Sitecore 8 solution to a server. I think to copy the "Data" Folder and viewstate folder is NOT an good idea. So I deleted the viewstate, gave permissions to the data folder AND did a iisreset in the cms.exe which was started as Adminstrator!

That solved my problem.
Hope this helps.

Server Error in '/' Application.

---

Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

 Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[ViewStateException: Invalid viewstate. Client IP: 172.20.10.1 Port: 46012 Referer: http://autohaus..... Path: /sitecore/login User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0 ViewState: /wEPDwUKMTM0OTMyMzU5Mg8WAh4TVmFsaWRhdGVSZXF1ZXN0TW9kZQIBFgQCAQ9kFgQCBA8VAQ8vc2l0ZWNvcmUvbG9naW5kAgYPFQFJaHR0cDovL2F1dG9oYXVzLmluZm9jZW50cmljcmVzZWFyY2guY29tL3NpdGVjb3JlL2xvZ2luL2Ryb3Bfd2FsbHBhcGVyLmpwZ2QCAxBkZBYIAhUPFgIeB1Zpc2libGVoZAIdDxYCHwFoFgJmDw8WAh4EVGV4dAUFYWRtaW5kZAIeDxUDF0luZm9DZW50cmljIFJlc2VhcmNoIEFHDjIwMTQwNDE0MTYzODI0HlNpdGVjb3JlLk5FVCA4LjAgKHJldi4gMTQxMjEyKWQCHw8WBB4Dc3JjBccBaHR0cDovL3Nkbi5zaXRlY29yZS5uZXQvc3RhcnRwYWdlLmFzcHg/aWQ9MjAxNDA0MTQxNjM4MjQmaG9zdD1hdXRvaGF1cy5pbmZvY2VudHJpY3Jlc2VhcmNoLmNvbSZsaWNlbnNlZT1JbmZvQ2VudHJpYyUyMFJlc2VhcmNoJTIwQUcmaWlzbmFtZT0yOWYwMjViNDZhY2FkYjhlYjM3MTcyZDU4MTY4ZGM1OCZzdCZzY19sYW5nPWVuJnY9OC4wLjE0MTIxMh4Gb25sb2FkBSVqYXZhc2NyaXB0OnRoaXMuc3R5bGUuZGlzcGxheT0nYmxvY2snZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUKUmVtZW1iZXJNZW422ul...] [HttpException (0x80004005): Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.] System.Web.UI.ViewStateException.ThrowMacValidationError(Exception inner, String persistedState) +12436256 System.Web.UI.ObjectStateFormatter.Deserialize(String inputString, Purpose purpose) +12327715 System.Web.UI.Util.DeserializeWithAssert(IStateFormatter2 formatter, String serializedState, Purpose purpose) +67 System.Web.UI.HiddenFieldPageStatePersister.Load() +12327927 System.Web.UI.Page.LoadPageStateFromPersistenceMedium() +12580515 System.Web.UI.Page.LoadAllState() +51 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +12573463 System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +12572973 System.Web.UI.Page.ProcessRequest() +119 System.Web.UI.Page.ProcessRequest(HttpContext context) +99 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +913 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165