As system administrator for a district with more than 40 schools, I have created a Role in the User Management tool that provides principals with System Admin privileges for just their school. It works perfectly, except that there is no way to prevent them from changing roles without totally removing the User Management tools! So they can create a dummy account, and then make it a district System Admin, providing them District Access. This is a major oversight, and the permissions need to be adjusted so that we can have individual building-level system admin without them being able to change roles.
It seems like there simply needs to be a box in the Permissions that lets you enable or disable this feature. Under "Administer Users," add a box underneath that states "Allow to Make User Role Changes." Even if it removes their ability to Create New Users, this is worth it. Also, I'm not proposing changes to the System Admin role- I created a School Administrator role, and want to remove it from that one.