One of the changes in the upcoming 5.0 release is the fact that the core admin modules & tabs are treated just like other tabs/modules. This means that an admin can give other users access to these tabs/modules at the tab/module level. Although this is a very powerful feature, it is also a very dangerous feature if an administrator does not understand the implications.
When you give a user edit rights to an admin tab or module you are giving the user "administration" permissions. So what does this really mean?
Tab Level: Giving user edit permissions is the same as on tabs that are manually created. The user will be able to edit the tab settings (including permissions), add modules to tab, delete modules from tab, etc.
Example (You give user edit permissions to the users tab): The user can now edit permissions for the tab, change skin of tab, delete modules from the page, etc.
Module Level: Giving user edit permissions is the same as on 3rd party modules that are added to a tab. The user will be able to plus access all the functions of the module. In addition, if the user is also given edit permissions for page the user will then also be able to edit the module settings.
Example (You give user's edit permissions to the user's module): The user have access all the functions of the user's module (adding/editing/deleting users, editing profile settings). If the user also has edit rights to the tab then the user will also have access to change the module settings (permissions of module, container used by module, etc).
Basically, edit permissions given to a user on module gives then access to all the functionality of that module. Giving a user edit permissions on the tab and module is the same permissions adminstrators are given. The difference it that administers have access edit access to all admin tabs/modules, and this new feature allows to to assign additional access to admin tab/modules to fit your business needs. This is something to keep in mind when assigning permissions to the admin tabs & modules. IMO, this is a great new feature and makes DNN management very flexible. In addition, it opens the door for the admin core modules to use the custom permission capabilities of DNN in future releases. This would then allow admininstrators to grant permissions at the feature level (which would be awesome).