There are 2 reasons for this. 1. I would like to be able to get an audit of any specific user and what actions they have taken. 2. I want to be able to finely control what users can do what. Example, I may want someone to be able to set up a new site, but not be able to recycle an existing site apppool.