Specialized Administration > Ensuring Data Security > Access Control > Examples of Required Access Control Rules > Permissions Required for Managing a Site-Level Group
  
Permissions Required for Managing a Site-Level Group
If you need to create policy rule in the Site context and want to grant permissions to members of a group, the group also must be defined in the Site context. To allow organization administrators to manage the group, assign it to a domain where organization administrators have permissions to view and edit the group. This would be useful if an organization administrator needed to modify a product team that was created using a team template. Since teams created from a team template require Modify permission at the site level, a group should be created at the site-level to manage these updates.
To make a site-level group manageable by an organization administrator, use the following procedure:
1. Create a group from Site > Utilities > Participant Administration.
2. Assign the group to a domain within the organization context where the organization administrator is granted Read and Modify permissions for the group. For example, the Organization Name domain where Organization Name is the name of the organization for which the user designated to manage the group is an organization administrator. The default rules for this domain grant organization administrators Full Control (All) permission for WTObject.
3. Create the following access control policy rule from Site > Utilities > Policy Administration in the System (Site) domain:
Object Type
State
Permission Granted
Participant
Team
N/A
Modify
Group (created in step 1)