...
But because this allows the administrator to edit all permissions of all administrators, including himself, this permission is in fact above all others and means the highest privileges. Since version 2.1 this is therefore clearly indicated and granting this permission means automatically granting all others.
User management
This permission allows an administrator to manage the users of the application. That means creating new local users, edit existing ones, change their passwords, or delete them. He can also manage API tokens, because the tokens are always bound to a specific user. So the administrator can perform all actions in:
...
...
As a prerequisite this permission requires the permission “application settings“ above. It allows the administrator to access and modify the settings related to encryption, located in section:
Access to list of packages and it's metadata
...
As a prerequisite this permission requires the permission “access to list of packages and it's metadata” described above. It further allows the administrator to perform all package actions (like release from quarantine, delete, restore deleted, etc.) except de/encryption.
Encrypt / decrypt package
As a prerequisite this permission requires the permission “Package management” described above. It further allows the administrator to perform decryption or encryption of selected packages at will.