In INOSA you give permissions to permission groups and not directly to the user. The user is added to the permission group. A user can be a part of many permission groups.

There are 3 default permission groups:

The other groups you create and set up yourself. 

The system administrator has all the permissions by default and is the one that is allowed to make new permissions groups or edit them.

It can be smart to make more groups that combine many permissions into one group. This will make the system more flexible.