Restrict Publisher's Capability in ArcGIS Server Manager

So, from the description I read in this webpage( Publisher role support in Manager—ArcGIS Server | Documentation for ArcGIS Enterprise  ), Portal users in the Publisher role can log into the Server Manager and do a lot of the stuffs, like the one indicated in the screenshot below: 

I have no problem with users changing the settings of the services they published.

But upon further testing, I found that those users in Publisher role can actually:

1. start/stop system geoprocessing services, change the setting of those services:

2. Unregister database、raster store that not even created by them：

So in my opinion, it's bad design and this should be admin's previlege not user's. Let's say if my org have hundreds of account with Publisher roles and have all of them with ability to disrupt normal operation is a serious security risk.

related post: Restrict Publisher from accessing Server Manager - Esri Community