Qube user groups are designed to collect a set of users into a kind of partition where each user can only control other jobs owned by users in the same group. Each user in the group then can be granted permissions that only affect the jobs of other group members.
Qube groups might be put to use at a facility that has a team of people responsible for managing the day-to-day workload on the compute farm, but only need to have the ability to control the jobs of other team members. Instead of granting full administrator privileges, the team would be placed in a group.
A group can be managed by either a actual Qube administrator, or by the group's administrator. However, the group administrator is not allowed to add users to the group, they are only allowed to modify the permissions of already existing users.
User permissions take precedence over group permissions. For example, if a user doesn't have permission to kill a job, even if their group permissions allow it, the user still won't be able to kill a job. A user with "administrator" or "impersonate" privileges is not subject to this restriction.