| Permission to enable updating membership of a group in terms of adding/removing one’s own account (Self-Membership validated write); no other permissions are included. | |
| Create copies of existing groups; no other permissions are included. | |
| Groups – Create | Create groups; no other permissions are included. | 
| Delete groups; no other permissions are included. | |
| Perform the deprovisioning operation on 'groups' objects; no other permissions are included. | |
| List groups; no other permissions are included. | |
| Groups – Manage Membership Rules | View and modify criteria used by Active Roles for rules-based control of group membership lists; no other permissions are included. | 
| Groups – Read Group Membership | View a list of groups to which a given group belongs; no other permissions are included. | 
| View and modify the list of email addresses for a group; no other permissions are included. | |
| View and modify properties that constitute general information for groups: 
 No other permissions are included. | |
| Groups – Read/Write Group Members | Add or remove members from a group; no other permissions are included. | 
| Groups – Read/Write Group Type and Scope | View and modify the type and scope settings for a group; no other permissions are included. | 
| Groups – Read/Write Manager | View and modify what person is assigned to manage a given group (Managed-By attribute); no other permissions are included. | 
| Groups – Read/Write Phone and Mail Options | View and modify properties that describe email related information for groups (Email-Information property set); no other permissions are included. Property set members: See “Email-Information Property Set” at http://msdn.microsoft.com/en-us/library/ms684362.aspx | 
| Groups – Rename | Rename groups; no other permissions are included. | 
| Groups - Undo Deprovision | Perform the undo deprovisioning operation on 'group' objects; no other permissions are included. | 
| Groups - Undo Deprovision - Deny | Prohibit the undo deprovisioning operation on 'group' objects; no other permissions are included. | 
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center