Any role that can create users can create Super Admin user

How do you guys restrict this?
There is this ticket that says it’s not a bug: Any role that can create users can create Super Admin user. · Issue #16297 · strapi/strapi · GitHub
but I just can’t believe what I’m reading “by giving a user the ability to create others there is some level of trust that must be given to that user”. There is a difference between allowing someone to create new users and allowing someone to create a user who can create a new super admin and do everything from now on including removing us from the system. This is crazy! How on earth is this not a bug?

This topic has been created from a Discord post (1258717568433131582) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord

i supposed you definitely should understand and filter with aproprietary logic types of roles that user (with given rights) are able to create…

We do not have a hierarchical user management system like say Discord does. It’s just a simple true false are they allowed to create users or not.

I get it that you don’t have a hierarchical user management system, but there is a huge difference between any other claim and the one that allows a user to create a super-admin. Only a super-admin should be able to create other super-admin accounts. If I’m allowing someone to create other editors I don’t want that person to be able to create a super-admin and give them any claim they want.