So I invited my first user or member and set him as full member but then see later on that he actually has full admin rights.
The same thing would be true if I just gave him Restricted Rights.
You need to make the default checkmarks in Permissions reflect something other than Admin for all.
I also see that within Save Attributes is the right to delete them as well. Maybe just call it Attributes or give headings with the worst scenario such as Delete Attributes instead.
Once trusted, or at least more familiar with the interface, we can elevate their access level.
I don’t even trust myself at such early stages of comprehending the options so the default admin should disallow deletion just so they need to see and figure out Permissions first.
Give a man a fish and he’s sure to choke on a bone.
Give a man a Filet o’ Fish sandwich and the bun could save his life.