currently, an admin can remove admin permission from all roles, and can also remove everyone from all roles. either of these two actions will completely lock everyone out of the system.

one solution is to make it impossible for an admin to revoke their own admin permission. that is, an admin would not be able to take any action that would revoke the permissions required to administer roles. I believe that permission set is "view member pages", "view admin pages", and "edit roles". The actions that could revoke those permissions are as follows:

1. removing themselves from a role, or
2. removing permissions from a role that they belong to