If we are able to distribute the roles, how do we make sure that they can't take any action without the permission of the admin?
We have a feature of Four Eye Validation, which makes sure that if anyone other than the admin wants to take an action then, the person has to request permission from the admin.