When using the ADAM as a SaaS, you inherently have administrators for a given site. These (sub)administrators need all the tools an authentic administrator without actually making them member of the Administrators group, because this would give them general access to the entire system.
I am referring to the "Inspect permissions" and "Inspect classifications" actions which are only enabled when you are a member of the Administrators group.
These actions should be driven by a Role, but rather they are driven by whether the user is in the Administrators group.
Any other action that is dependend on this kind of membership should also be dependend on a Role.
Customer support service by UserEcho