Prevent regular webmin users from creating new custom commands

I see the server administrators is used on UI, but since its ambiguous (are we talking about the main server as the system or virtual server as a website?) and to be on the same page with you, guys, what I am going to talk about is not the superadmin or reseller, but the website owner who has Webmin login enabled.

We give such users a possibility to launch custom commands, for example, to restart a custom service through Webmin > Others > Custom Commands page. Luckily we can compose lot's of various useful commands or file editors on this page, so everything works just ok except one important security breach point: users can compose any custom commands and execute them as root user. And that's actually quite serious vulnerability, because you never know how much the end-user (with Admin login enabled) is inexperienced, but curious or in even worse scenario how much he is in fact experienced and malicious to break the whole system.

So my request is to leave the:

• Create a new custom command
• Create a new file editor
• Create a new SQL command
• Edit

buttons to SuperAdmins and reseller account owners, but to remove all of them from regular Webmin users' access, so they could use those composed for them custom command and editor buttons, but could not compose new ones.

Thanks for considerations.