There are script steps that you can use to script some account-related functions, including those to add accounts, delete accounts, reset account passwords, change passwords, enable accounts, log in to a file using a different account and password. However, I don't believe there is anyway to manage privilege sets via scripts. I think you'd need to give them full access for them to do that.
Thank you. You confirmed that I can't do everything I wanted, and now I know what I can do.