#10180 Restrict permission levels for JMs creating roles (main)

controllers/grid/settings/roles/form/UserGroupForm.php

@@ -198,7 +198,11 @@ public function execute(...$functionParams)
         // Check if we are editing an existing user group or creating another one.
         if ($userGroupId == null) {
             $userGroup = Repo::userGroup()->newDataObject();
-            $userGroup->setRoleId($this->getData('roleId'));
+
+            $roleId = $this->getData('roleId');
+            if ($roleId == Role::ROLE_ID_SITE_ADMIN) throw new \Exception('Site administrator roles cannot be created here.');
+            $userGroup->setRoleId($roleId);
+
             $userGroup->setContextId($this->getContextId());
             $userGroup->setDefault(false);
             $userGroup->setShowTitle(is_null($this->getData('showTitle')) ? false : $this->getData('showTitle'));