Overview
A User Group can have Administrators — Users who manage the Group without being members of it. Administrators are a way to delegate day-to-day people management (adding members, disabling Users, maintaining the Group) to shift leads and department managers without granting them account-wide access. This article covers what an Administrator can and can't do, and the permission interplay that governs it.
Why this matters: Group Administrators let you push routine User management down to the people closest to the team, without making everyone a Super User. But an Administrator's control is tied to Group membership in subtle ways — understanding them prevents both accidental loss of control and unintended privilege creep.
What a Group Administrator can do
Administrators are not members of the Group in any functional sense — they don't receive its Assignments, notifications, or scheduling. What they get is management control:
Capability | Detail |
Manage the Group | View and edit the Group's settings, structure, and memberships; remove Users from the Group. |
Manage member Users | View, edit, and disable Users who are members of the Group — but not other Administrators. |
Cannot delete Users | Administrators can disable a User but cannot permanently delete them from the system. |
The "View Users" permission changes what an Administrator can add
What an Administrator can add to their Group depends on whether their Role includes the View Users permission:
With View Users | Can add any visible User to the Group. |
Without View Users | Can add only themselves and Users they personally created. |
Heads up: An Administrator who can see all Users can add other Administrators to the Group, indirectly extending their control over more Users. Manage the View Users permission carefully — see the Role permissions reference.
Removing Users severs control
Adding a User to the Group extends an Administrator's control over that User (editing, disabling). Removing them severs it.
Note: If an Administrator removes a User from the Group, they lose control over that User — including the ability to disable them later — unless they're also an Administrator of another Group the User belongs to. The User can only be re-added by an Administrator with the right permission.
Example: offboarding a seasonal employee
Scenario
An Operations Manager (a Group Administrator) needs to offboard a seasonal employee at the end of their term.
Setup
The employee is a member of the Group the manager administers.
The manager wants the employee to lose access cleanly.
Result
The manager disables the employee first, then removes them from the Group. Doing it in that order matters: once removed, the manager would lose the ability to disable them. For permanent deletion, a Super User or a User with Users: Delete handles it — see How to deactivate a User.
Best practices
Limit View Users — grant it only to Administrators who genuinely need to add Users beyond their own, to prevent unintended privilege creep.
Disable before removing — if a departing User needs their access cut, disable them before removing them from the Group.
Audit Groups regularly — keep memberships and Administrators aligned with current operational needs.
Frequently asked questions
Q: Are Administrators members of the Group?
A: No. They manage the Group but don't receive its Assignments, notifications, or scheduling. See Create and manage User Groups.
Q: What happens when an Administrator removes a User from the Group?
A: They lose control over that User, including the ability to disable them, unless they administer another Group the User is in. The User can only be re-added by an Administrator with the right permission.
Q: Can Administrators delete Users from the system?
A: No. They can disable Users but not permanently delete them — that needs a Super User or the Users: Delete permission.