On organization level, access control can be managed by users who are part of this group and have manage rights or are instance administrators. These users can add new users to this group but also to substation level access groups. This is the admin level for an organization.