We also need this feature at domain level. It would be important when having several admins for a certain domain, limit some features.
For example Email Archiving, clients have requested we make it available to specific admins of the domain. This is a sensitive feature, and currently all admins for a domain automatically have access to Email Archiving, which means can access every message including confidential ones. It's one of the best SM features, and only missing function is being able to limit it to specific admins/users.
Another example, could be limiting some admins to create, modify or delete users, such as make it read-only for them.