Looks good with groups!
One thing I miss (or haven’t been able to find) is the ability to prevent a user from seeing “licenses”, “users” and “API Keys”.
It isn’t very sensitive data but it would be great if we with a role have the opportunity to limit these things as well, business users don’t need access to that information, especially not API key.
PS
I already posted this question HERE but then I saw this post and I think it fits better here.