I am working with Thingworx Platform 9.5. We need to create 15 different users, and these users must have the capability to create their own projects and objects, with services and events, but no other capabilities, neither to review system objects nor resources that are unnecessary for them. However, upon creating them and assigning them to the groups "designers" and "developers" and granting the necessary permissions to create projects and use platform resources, they have also been given access to view other projects, and more critically, to create and delete permissions for other entities with complete freedom.

Does anyone know which specific permissions I need to deny to limit the capabilities of these new users?

Thank you very much for your time.