Permissions Required for Managing a Site-Level Group
If you need to create policy rule in the Site 
context and want to grant permissions to members of a group, the group also must be defined in the Site context. To allow organization administrators and organization business administrators to manage the group, assign it to a domain where organization administrators and organization business administrators have permissions to view and edit the group. This would be useful if the organization administrator and organization business administrator needed to modify a product team that was created using a team template. Since teams created from a team template require Modify permission at the site level, a group should be created at the site-level to manage these updates.
context and want to grant permissions to members of a group, the group also must be defined in the Site context. To allow organization administrators and organization business administrators to manage the group, assign it to a domain where organization administrators and organization business administrators have permissions to view and edit the group. This would be useful if the organization administrator and organization business administrator needed to modify a product team that was created using a team template. Since teams created from a team template require Modify permission at the site level, a group should be created at the site-level to manage these updates.To make a site-level group manageable by an organization administrator or a business administrator, use the following procedure:
1. Create a group from Site > > or Site > > .
> > or Site > > .2. Assign the group to a domain within the organization context where the organization administrator and organization business administrator are granted Read and Modify permissions for the group. For example, the Organization Name domain where Organization Name is the name of the organization for which the user designated to manage the group is organization administrator and organization business administrator. The default rules for this domain grant organization administrators and organization business administrators Full Control (All) permission for WTObject.
3. Create the following access control policy rule from Site > > or Site > > in the System (Site) domain:
> > or Site > > in the System (Site) domain:Object Type | State | Permission Granted | Participant |
|---|---|---|---|
Team | N/A | Modify | Group (created in step 1) |