If you want to create an administrative role that does not have permission to delete devices and credentials, you can do so by adding some administrative permission to the user and removing the two following permissions: “PAM.PrivilegedAccounts .Credentials.Delete” and “PAM.Devices.Delete”.
To create a new role, follow the steps detailed in the following community: How to create a new Role and add it to Users.
By following this password guidance, it will be possible to configure an administrative role that can manage the secure platform but without the ability to delete devices or credentials, increasing the protection of this information.