diff --git a/management/server/group.go b/management/server/group.go
index c49bb2471..1afb8f3c5 100644
--- a/management/server/group.go
+++ b/management/server/group.go
@@ -89,6 +89,10 @@ func (am *DefaultAccountManager) SaveGroups(ctx context.Context, accountID, user
 		return status.NewUserNotPartOfAccountError()
 	}
 
+	if user.IsRegularUser() {
+		return status.NewAdminPermissionError()
+	}
+
 	var eventsToStore []func()
 	var groupsToSave []*nbgroup.Group
 	var updateAccountPeers bool
@@ -213,6 +217,10 @@ func (am *DefaultAccountManager) DeleteGroup(ctx context.Context, accountID, use
 		return status.NewUserNotPartOfAccountError()
 	}
 
+	if user.IsRegularUser() {
+		return status.NewAdminPermissionError()
+	}
+
 	var group *nbgroup.Group
 
 	err = am.Store.ExecuteInTransaction(ctx, func(transaction Store) error {
@@ -260,6 +268,10 @@ func (am *DefaultAccountManager) DeleteGroups(ctx context.Context, accountID, us
 		return status.NewUserNotPartOfAccountError()
 	}
 
+	if user.IsRegularUser() {
+		return status.NewAdminPermissionError()
+	}
+
 	var allErrors error
 	var groupIDsToDelete []string
 	var deletedGroups []*nbgroup.Group
@@ -438,6 +450,11 @@ func validateDeleteGroup(ctx context.Context, transaction Store, group *nbgroup.
 		return &GroupLinkError{"user", linkedUser.Id}
 	}
 
+	return checkGroupLinkedToSettings(ctx, transaction, group)
+}
+
+// checkGroupLinkedToSettings verifies if a group is linked to any settings in the account.
+func checkGroupLinkedToSettings(ctx context.Context, transaction Store, group *nbgroup.Group) error {
 	dnsSettings, err := transaction.GetAccountDNSSettings(ctx, LockingStrengthShare, group.AccountID)
 	if err != nil {
 		return err
@@ -452,10 +469,8 @@ func validateDeleteGroup(ctx context.Context, transaction Store, group *nbgroup.
 		return err
 	}
 
-	if settings.Extra != nil {
-		if slices.Contains(settings.Extra.IntegratedValidatorGroups, group.ID) {
-			return &GroupLinkError{"integrated validator", group.Name}
-		}
+	if settings.Extra != nil && slices.Contains(settings.Extra.IntegratedValidatorGroups, group.ID) {
+		return &GroupLinkError{"integrated validator", group.Name}
 	}
 
 	return nil
diff --git a/management/server/group/group.go b/management/server/group/group.go
index bb0f5b7b6..24c60d3ce 100644
--- a/management/server/group/group.go
+++ b/management/server/group/group.go
@@ -55,8 +55,7 @@ func (g *Group) IsGroupAll() bool {
 	return g.Name == "All"
 }
 
-// AddPeer adds peerID to Peers if not already present,
-// returning true if added.
+// AddPeer adds peerID to Peers if not present, returning true if added.
 func (g *Group) AddPeer(peerID string) bool {
 	if peerID == "" {
 		return false
@@ -72,8 +71,7 @@ func (g *Group) AddPeer(peerID string) bool {
 	return true
 }
 
-// RemovePeer removes peerID from Peers if present,
-// returning true if removed.
+// RemovePeer removes peerID from Peers if present, returning true if removed.
 func (g *Group) RemovePeer(peerID string) bool {
 	for i, itemID := range g.Peers {
 		if itemID == peerID {