This is needed for large enterprises with distinct territories that are each subject to different regulations and compliance standards. Enterprises like this tend to allow a few privileged users in each of these territories to be administrators of Port. However, because the administrator role in Port tends to be very permissive, these administrators are able to create, modify, or delete entities in Port that they really should not be permitted to create, modify, or delete. Port's extensive audit log is a good way to know when this has happened, but large enterprises would prefer to prevent it from happening in the first place.