>>> * Disabling changes to usernames and passwords of administrative users >>> by users having administer users permission. I smell hiearchical roles here. Some user ought to be able to change other users psswords... including admins... I guess at least.