This is the most powerful permission that exists. It has unlimited access to every page, it automatically has every permission and you can even build or delete blocs and modules with this permission. There is no higher level in a single instance and the only other one that exists is users that have the same access except over multiples instances with the same user.
This permission is designed to give someone access to the Admin and Development page, but without yet committing to giving them access to pages within it. You would use this as a way to control an admin who can do certain things, for example, if you want a person to be able to add Mail Alerts but cannot add users, you would give them this permission along with the "Can Access the Alerts Page" (See below).
It is the permission that allows this link to appear in the sidebar:
This is a typical Administration permission. With this permission they can add, edit and delete users. They can also add roles to a user.
This permission allows someone to add/remove roles from a user. This obviously only applies to users who have the above role "Can Manage Users/Profiles".
This is a powerful permission. Somebody with this permissions can create new roles (with any permissions they want in those roles) or can simply add the most powerful of permissions to a user. This is for high access level admins.
When a user has this permission they can see all data in a bloc regardless of the various restrictions that may have been put in place. Restrictions might include the following:
It's currently possible to hide data entirely from users inside a bloc. This permission makes an exception to this rule by allowing anyone with this role to see this data.
It's currently possible to disable the ability to Submit Data in a bloc using the Bloc Setting: Cannot Submit Data. This completely prevents user submissions. However a user with this permission can continue to submit data. This is useful in blocs where some users only use it for looking up data but others are allowed to create new records.
It is currently possible to remove the visibility of blocs from a list of blocs in a module. This is different to completely preventing access to the bloc. It is a non-secure way of tidying up the look and layout of your module without preventing real access if they had the link. The user may still need to see this bloc as a Sub Bloc, or you may want to create a separate link to this bloc. This removal process can be done using this bloc setting.
This permission is designed to override this feature, it is mainly for admins who still need to see the bloc in the module even if other users cannot see it.
It is currently possible to lock in filtering that occurs as a result of the Data Filtering Field parameter. This can be done by clicking the option : Force data filter fields for those without permission.
This option forces users to only see data filtered based on the value of a field that is set (for example a company name). They may have no control over changing this, thus you can prevent other data from being seen by forcing a "lock" on this filter.
This permission overrides this lock and allows the user to continue to change the filters in the bloc.