Account administrators have full access to the account. They can add or remove users, create new groups, delete any resource, including scan reports, connect new IaaS accounts, change the account plan, and delete the account. Group administrators only have permission to make changes to resources in the group to which they administer. This includes adding or removing users from the group, making changes to settings of IaaS accounts in the group, viewing and deleting scan reports for those accounts, and configuring integrations and alerts for findings associated with those accounts.