...
An administrator with this permission may create new administrators, edit existing ones, including their permissions, or delete existing ones. So he has the right to perform all actions in:
User management
This permission allows an administrator to manage the users of the application. That means creating new local users, edit existing ones, change their passwords, or delete them. He can also manage API tokens, because the tokens are always bound to a specific user. So the administrator can perform all actions in:
Access to logs
Administrator accounts with this permission have full access to Audit Logs and also to setting a syslog target, where copies of all audit log messages are sent. So such an administrator can:
Set a syslog target in Settings - Configuration - Logging
View and search application Audit Log
Application settings
This permission allows administrators to perform complete configuration of the application, with the exception of features and sections defined in the other permissions. So an administrator with this permission can do all actions in:
Access to list of packages and it's metadata
The permission to view information about packages - view package lists and details of specific packages. This permission does not allow the administrator to perform any actions on the packages, nor download the packages contents. It allows to view:
Access to files of packages
...