Which action is a Master User in CyberArk unable to perform?

The Master User in CyberArk holds significant permissions within the Vault, allowing them to perform a range of administrative tasks necessary for managing access and securing privileged accounts. However, one critical limitation is their inability to change their own permissions. This restriction helps maintain a secure environment by ensuring that users cannot alter their own access levels, which could lead to potential misuse or abuse of privileges. By preventing Master Users from modifying their own permissions, CyberArk enforces stricter controls and enhances the overall security posture of the system.

Other actions, such as changing user group assignments, resetting other user passwords, and deleting Vault accounts, are within the capabilities of a Master User. This balance of power ensures that while they can effectively manage and administer the system, they cannot compromise their own authority or the security model by altering their access rights.