Tanzu Hub: who can create and manage Organization and Space Groups

Article ID: 432784


Updated On:

Products

VMware Tanzu Platform Core

Issue/Introduction

In Tanzu Hub, managing Organization Groups (OG) and Space Groups (SG) requires specific roles and scopes. Whether a user can create, modify, or merge these logical groups depends on whether the user has administrative or management permissions at the appropriate level.

  • Foundations Groups (FG): Can contain multiple Organization Groups.
  • Organization Groups (OG): Can span multiple Foundations Groups.
  • Space Groups (SG): Scoped to a single Organization Group.

[Figure: Foundations Groups, Organization Groups and Space Groups]

 

Environment

Tanzu Hub

Resolution

The following roles are required to create or merge Organization and Space Groups:

  • Admin  --> Create/Modify Organization Groups.  Only users with admin permissions can create and modify OGs.
  • Admin + OG Manager  --> Merge Organization Groups. Global Admins can merge any; OG Managers can merge OGs they manage.
  • Global Admin, OG Manager, or SG Manager --> Merge Space Groups. SG Managers can merge Space Groups they specifically manage.

To successfully create these groups in Tanzu Hub, the following configurations and UAA scopes are required:

  • User Existence: The user initiating creation must exist in the foundation's Identity Provider (IDP) or UAA store. If you use an external IDP (LDAP/SAML), ensure that "Enable shadow users for Admins and Org Managers" is checked in the TAS/EAR tile.
  • Required UAA Scopes: For internal user stores, assign the following scopes with UAAC. For details on how to create the user, see KB article https://knowledge.broadcom.com/external/article/433287/tanzu-hub-failed-to-create-organization.html
    • cloud_controller.admin
    • uaa.admin
    • scim.read
    • scim.write
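
A pre-flight check for the scope list above, added here as an example and not taken from the Tanzu Hub product or documentation: it decodes the claims of a UAA access token and reports which of the four required scopes are missing. It assumes the token is a JWT whose `scope` claim lists the granted scopes; the helper `constructed_token` and the user name `hub-admin` are constructed for the demo.

```python
import base64
import json

# Scopes this article lists as required for internal user stores.
REQUIRED_SCOPES = frozenset(
    {"cloud_controller.admin", "uaa.admin", "scim.read", "scim.write"}
)


def decode_claims(token):
    """Return a JWT's claims WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part JWT (header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def missing_scopes(token):
    """List the required scopes absent from the token's 'scope' claim."""
    scope = decode_claims(token).get("scope", [])
    if isinstance(scope, str):  # tolerate the space-delimited form
        scope = scope.split()
    return sorted(REQUIRED_SCOPES - set(scope))


def constructed_token(claims):
    """Build an unsigned sample token for the demo (constructed data)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64(claims)}.sig"


if __name__ == "__main__":
    sample = constructed_token(
        {"user_name": "hub-admin", "scope": ["cloud_controller.admin", "scim.read"]}
    )
    print("missing:", missing_scopes(sample))
```

The decoder skips signature verification, so use its output only to diagnose a failed group creation, not to grant access.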

Additional Information

https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-hub/10-3/tnz-hub/apps-mgmt-view-orgs-spaces.html

https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-hub/10-4/tnz-hub/apps-mgmt-view-org-space-groups.html