User Administration

Action	Required
View all users	`USER_MODERATOR`
Edit user profiles	`USER_ADMIN`
Assign global/entity permissions	`ADMIN_MANAGER` (+ access to target entity)
Add user to instance	`ADMIN` or `USER_MODERATOR` on instance (no user search — exact username required)

¶ User Administration