admin console only has two permissions, author-user and author-administrators.
This basically gives any AEM user full access to everything, which is highly dangerous.
With EpiServer, we could easily create groups with specific permissions, e.g. only edit marketing pages, or only create affiliate pages, or only add images to our external-marketing DAM directory. We could even let content admins create their own permission structures for their users via a checkbox interface with meaningful permission names.
Is any of this possible with AEM Cloud, and if so, how? There seems to be no option in the admin console, where user permissions and groups are managed for our 10+ environments.
One confusing piece is that if you log in to one of the many environments' author instances directly, there is a security section with users, groups and permissions. But these are not reflected in the admin console, so presumably are not usable. In addition, the author permission tab has an incomprehensible, enormous and unusable list of groups and permissions, e.g. "107830685PLC_ADMIN_GROUP_NAME_SUFFIX" and "/libs/settings/dam/cmf/models". Many of these mystery groups have users in them, although we have not put them in directly.