The primary security entities in Parsec For Teams are Guest User, Team Member User, Host Machine, and Team Machine. A Guest User is a Parsec User granted temporary access to a Parsec Host Machine. A Team Member User is a Parsec User who is a Parsec Team member. A Team Machine is a shared Host Machine that multiple Guest And Parsec Team Users can access.
There are two main security concepts for security entity management in Parsec for Teams: Groups, and Roles. A Group allows an administrator to set a ruleset of Parsec app feature settings for users in that group, and these settings get sent to the Parsec native app. These App Rule rulesets override Global App Settings in the Admin Panel. App rules are not a Security Policy, the user can override the settings with the local app configuration file. A Group also allows the administrator to control connection settings for Users and Team Machines in that Group. Connection Settings are a Security Policy, and they contain peer connection ingress and egress rules. There is no way to change these connection settings on the local app.
Lastly, a Role allows an administrator to set Parsec for Teams Website/API permissions for Parsec Team member Users. There are two types of roles, a Global Role, and a Group Role. A Global Role applies permissions to all users that have that role regardless of Group Role permissions. A Group Role grants the role permissions to any Parsec Team Member User or entity that is a member of the Group that has the Group Role applied.