Threat actors may attempt to discover group and permission settings. This information can help Threat actors determine which user accounts and groups are available, the membership of users in particular groups, and which users and groups have elevated permissions.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.