The predefined CreateQuery permission allows a user to create a new query. By denying this permission you restrict the user to using only those queries that exist on the system. The CreateQuery permission is set through the mks:im ACL. By default, this permission is allowed for all users.