PMAC uses the concept of groups to assign user permissions. A group is a collection of permissions to which one or more users can be assigned. All users of that group will have access to the same set of functions. Permissions are assigned to the group for each application function. All users assigned to the same group have the same permissions for the same functions. In other words, you cannot customize permissions for a user within a group.
Functions correspond to a specific web page or group of web pages and the actions that a group can perform on the page(s). If a group has permission to perform a function, the function is visible to all users assigned to that group. A group of related functions fall under a permissions section. For example, Users and Groups fall under the Administrative Permissions section. Permissions can be granted on a function basis or globally on a section basis.
By default the PMAC comes with three groups already provisioned; the first is the admin group. This group is the most powerful in the context of permissions. Any user belonging to this group has access to all views and menu items. The second default group is ops. As the name implies it provides any user belonging to this group access suitable for most operations personnel. The third default group is guests. Any user belonging to this group has permissions suitable for guests with limited administrative permissions.
You can add, delete, and update groups except for the predefined admin group.