Our organization has started to use the global admin console. As we set up our child admin consoles, we have found a need for an administrative role within each of the child consoles that has the ability not only to add users and assign products to them, but also to remove users and to modify them. Such an administrative role must be specific to the child console and not provide administrative control outside of the child console in which the role was assigned. The system administrator is not a viable role because we do not want child-level administrators to have access to the settings section of the console--we primarily just want those administrators to be able to remove users from their console.
Hello! I'm a product manager at Adobe. Wonderful news that you've started to use the Global Admin Console. We find that customers using "GAC" discover additional needs now they're better able to manage their organizations.
What I'm hearing from you is the need to have an Admin role in the Admin Console, which has permissions to add and remove users to the org, but cannot access all the settings available to System Admins. This is great feedback. Good news is that any admin role you assign in an Admin Console will be limited to that console.
Removing users is sometimes considered a highest-level permission because doing so could lead to loss of access to stored assets and product license assignments. However, there is a good reason to allow you as Admins to control this. One question for you: would you rather have another admin role to fit this need, or to have several "permissions" to pick and choose from to build your own new admin role whenever you'd like? Your feedabck is always helpful, thank you.