Devices

User has	Can do
`DEVICE_MODERATOR` + `DEVICE_DESIGNER`	Full control: delete, configure, manage keys, move to other groups
`DEVICE_MODERATOR` only	Delete, move — but not configure or see keys
`DEVICE_DESIGNER` only	Configure and see keys — but not delete or move

¶ Devices