It would be great to have more flexibility in controlling which permissions can be granted to subgroups within an organization. Currently the User role allows Rejecting Assisted Remediation, but not Approving. Nor can the role view or respond to escalations, such as Unwanted Access over VPN.