I just have a slightly problem to understand something, when you share the users of the master site.

Just assume you have prepared a template to create new slave sites from the front end and you are sharing the users with the master site within this template.

Now the problem appears, if you grant access to the backend of the slave site, the site admin of the slave site must be defined as a site administrator, but as you are sharing the user table you know have a new site admin within the master site, which is also able to login as a site admin to the master site.

And you also have full access to any of the users of the master site.

Is this right?

YES.
When you share the users, they have the same privileges in all the website where the users are shared.

There are no "record" level restriction.
So a super admin in a website is also the super admin of all the websites that are shared.

Ok, but wouldn't it be a good idea to think about that? Probably it's worth to think about to ad the site id to the user record, so the admin with this explicit site id can onyl touch the administration of the site and can see the users which are signed on with his/her site id?

That would be great I think

We think to this problem for july 2008 and we have tried several possibilties before to found this method of sharing without having to rewrite everything.

We know that several person would like to have a partial sharing and control each individual records in the DB but this can become very complex to guarantee the integrety of the content.

I think this seems to be a solution (even you have to pay for it) to get around this problem. I think I will buy it within the next days to give it a test

www.corephp.com/community-acl/community-acl-for-joomla-1.5.html

This extension consists in replicating and syncrhonizing the users between different website.
They do not share them but syncrhonize them.

This extension is already defined in JMS.
There is a limitation when using Community ACL.
You can not use "JomSocial" as they use the same MySQL table parttern #__community
If you are using both, this may have side effect when you decide the share JomSocial.

Use Community_ACL and also the user sharing may have unpredictable result.
This may result by trying to synchronise users that are already share by MySQL.