In the role configuration, the supervisor has access to all users of his/her organization which means she/he is able to edit all users and even they can disable the focal point user. How do I configure the role of the supervisor to only have access to the case worker users who are under his/her supervision?
First you would change the supervisor role’s user permission to be Read instead of Agency Read. This would make it so they only have access to the users in their group(s). Then, however, you’d need to put the focal point and these supervisors in different user groups to prevent the supervisors from being able to edit the focal point users. At the same time, you’d need to make sure the case workers stay in the focal point’s user group, so that the focal point still has access to their cases and can see information on their cases in reports. To simplify the above explanation, this diagram of a user group orientation should solve the problem: