At present only a full access user can create other accounts, assign privileges and reset passwords.
But who has full access privileges can also access all the scripts, custom functions, etc.
So, a developer has two choices: or keep for him the full access password or give it to the customers.
With the former case, the developer must be involved any time there is the need to create, modify or delete a user, etc.
With the latter, there is not guarantee that the customer does not modify the application, reuse the code for other, etc.
My suggestion is to have a two levels of master privilege sets:
“Full Access”: for everything” (as today)
“SuperUser”: the account that is allow to do everything, except for creating privileges, accessing the source of the scripts and custom functions.