Allowing any admins to create arbitrary users is not ideal because it can lead to abuse issues. We should require something stronger that requires the server operator's approval and thus we add a new can_create_users permission.
Mateusz Mandera