When to Set Individual Privileges for Users?

[Sinister Pisces]

I've disabled the root account for web login after creating my own non-root admin user that belongs to the "admins" group. The OPNSense web UI recognizes that user as an Administrator. 

However, I've noticed that for each user, there's a "Privileges" section that indicates "nothing selected."

I looked at the docs and was still a bit confused by this, so I wanted to clarify exactly when the "privileges" come into play. I've still got full access to the web UI and can SSH in or log in via a monitor and keyboard, so I clearly am not being restricted by having "no privileges" selected.

Does being in the "admins" group designate me as a non-root superuser and thus override the privileges setting? I assume this is what's going on.

In that case, if I had a non-admin group user, would I then need to use the privileges setting to actually control what they could do on the machine?

I'm assuming that the privilege setting has nothing to do with what users can do if they have shell access, which are controlled entirely by SSH-related settings.