Access model
Access to the Manage Authorization Groups application is controlled by a combination of platform role and explicit group membership:
| Who | What they can do |
|---|---|
| Founder | Full access to all groups across the tenant, including default and global groups. |
Users with manage_auth_groups permission | Full access to all non-default groups in their brand. Can create, edit, and delete groups. |
| Group Responsibles | Access to manage memberships for the specific groups they are responsible for. Visible in the "Groups you are responsible for" tab. |
| Group Delegates | Access to manage memberships (and deactivation events) for the groups they have been delegated to. Visible in the "Groups you delegated" tab. |
Default and global group restrictions
Default groups are system-predefined and cannot be deleted or have their membership rules modified by any standard administrator. Only the Founder-level account can interact with their configuration.
Global groups are cross-brand groups visible and usable across all tenants. Creation and modification of global groups is restricted to system-level administrators (super-admin, brand_id = 1).
Requesting access
If you need access to manage groups and do not currently have it, contact your platform administrator to request the manage_auth_groups permission, or ask to be assigned as a responsible or delegate for the specific groups you need to manage.
