permission_manager is a built-in role which allows an identity to create, edit, and delete groups and/or certificates.
An identity or group with this entitlement could escalate their own permissions to admin on server if they want to, so it isn’t safe to grant this entitlement to someone that isn’t very trusted.