You can
Restrict manage sections in the roles with Management Permissions section. Even if they are admin if you restrict the screen they won’t have access.
The security levels edits that you provided works well to limit roles even further, I do like that.
However see if you can help with this.
Let’s say in a restaurant will lots of staff, you have a hostess, and this hostess is not in the computer as a user yet,there is no need.
Then it’s a busy night, and several have called in sick and now we need this hostess to be in the system and working as a server.
The manager on duty, as you can see above now has limits like we want, but we need the manager to be able to add users.
Might not seem like a problem, you could simply add permissions to access the user portion.
HOWEVER then they would be able to add a user, and make that user an admin role.
Seems like an oversight.
Is there a way to limit that, or can we somehow set the system to have a button or something to add a default user that you already have setup with a role?