check that the security permission lets you create/modify users and create/modify roles and their associated groups/users
svn rev3541 - disallow a non-permitted user to see the new user and new role links on Administration page. Only MANAGE_SECURITY users should see those.
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-1869