Permission name: System: Add Stage Users by Provisioning and Administrators

• Should be "System: Add Stage User"
• Permission should not care who will do it, it is privilege/role's job.

Permission name: System: Delete modify Stage Users by administrators

• Why is Modify and Delete combined in 1 permission?
• Should be "System: Modify Stage User" and "System: Remove Stage User"

Permission name: System: Preserve an active user to a delete Users

• We do not use "deleted users" bur rather "preserved users" anyway
• Maybe "System: Preserve User"?

Permission name: System: Reactive delete users

• "System: Undelete User" to reflect the command name.

Permission name: System: Read Stage User kerberos principal key and password

• Rather "System: Read Stage User password" - We don't need to call out the principal key explicitly, but this is negotiable.

Permission name: System: Read Stage Users by administrators

• "System: Read Stage Users"

Permission name: System: Read/Write delete Users by administrators

• This needs to be 2 permissions:
• "System: Read Preserved Users"
• "System: Modify Preserved Users"

Permission name: System: Reset userPassord and kerberos keys of delete users by administrator

• Rather "System: Reset Preserved User password"

Permission name: System: Write Active Users RDN by administrators

• Rather "System: Modify User RDN"

Permission name: System: Write Delete Users RDN by administrators

• Why is this permission needed, isn't "System: Modify Preserved Users" enough?