The preconfigured Access Roles with Credential Manager privileges are:
The Credential Manager Group is then assigned to a User account through the Credential Manager Groups tab. This tab has settings that are enabled when you select an Access Role with Credential Manager privileges.
CA Privileged Access Manager is preconfigured with the provisioned Credential Manager Group "System Admin Group". This might appropriately be used to provision a Global Administrator using the PM Groups setting.
Important: The Credential Manager Groups are configured user per user.