<?php
/**
* Implements hook_menu_alter().
*/
function familink_custom_menu_alter(&$items) {
  // Route each account-management path through this module's access wrapper.
  // The wrapper receives the loaded account (path argument 1) and the name of
  // the access callback it delegates to once its own check has passed.
  //
  // Only the three paths listed here are wrapped; any other route that can
  // modify an account is not covered by this hook.
  $delegates = array(
    'user/%user/cancel' => 'user_cancel_access',
    'user/%user/cancel/confirm/%/%' => 'user_cancel_access',
    'user/%user/edit' => 'user_edit_access',
  );
  foreach ($delegates as $path => $delegate) {
    $items[$path]['access callback'] = 'familink_custom_user_admin_access';
    $items[$path]['access arguments'] = array(1, $delegate);
  }
}
/**
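* Access callback: denies edit/cancel when a non-administrator targets an
* administrator account other than their own, then defers to $next.
*
* @param $account
*   The account being edited or cancelled.
* @param $next
*   Name of the access callback to call once this check has passed.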
*
* @return bool
*/
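function familink_custom_user_admin_access($account, $next) {
  global $user;

  // The role is looked up by name, so the result is checked before use: if the
  // role has been renamed or removed the lookup does not return an object.
  $admin_role = user_role_load_by_name('administrator');
  $admin_rid = $admin_role ? $admin_role->rid : NULL;

  // uid 1 is the superuser account and passes permission checks regardless of
  // the roles assigned to it, so it is treated as an administrator both as the
  // target (it must be protected) and as the actor (it must not be locked out).
  $target_is_admin = $account->uid == 1 || ($admin_rid !== NULL && user_has_role($admin_rid, $account));
  $actor_is_admin = $user->uid == 1 || ($admin_rid !== NULL && user_has_role($admin_rid, $user));

  if ($target_is_admin && !$actor_is_admin && $user->uid != $account->uid) {
    // NOTE(review): this message is emitted on every denial, which may include
    // access checks made only to decide whether a link or tab is rendered.
    // Confirm that showing it in those cases is intended.
    drupal_set_message(t("You don't have access to edit this user."));
    return FALSE;
  }

  // Delegate to the wrapped access callback. A missing or non-callable $next
  // denies access rather than granting it.
  return is_callable($next) && $next($account);
}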
/**
* Implements hook_form_FORM_ID_alter().
*/
function familink_custom_form_user_admin_account_alter(&$form, &$form_state, $form_id) {
  // Queue this module's after-build callback behind any that are already
  // registered on the form.
  $callbacks = isset($form['#after_build']) ? $form['#after_build'] : array();
  $callbacks[] = 'familink_custom_form_user_admin_account_after_build';
  $form['#after_build'] = $callbacks;
}
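/**
 * After-build callback: swaps the core submit handler for this module's.
 *
 * Only the entry named 'user_admin_account_submit' is replaced. If that entry
 * is absent the form is returned untouched, so no unrelated submit handler is
 * overwritten; in that case this module's account filter does not run for the
 * form.
 *
 * @param $form
 *   The built form array.
 * @param $form_state
 *   The form state (unused).
 *
 * @return array
 *   The form array, with the submit handler replaced when it was found.
 */
function familink_custom_form_user_admin_account_after_build($form, $form_state) {
  if (empty($form['#submit']) || !is_array($form['#submit'])) {
    return $form;
  }
  // Strict search: a failed array_search() returns FALSE, which as an array
  // key means index 0 and would clobber whatever handler is first in the list.
  $key = array_search('user_admin_account_submit', $form['#submit'], TRUE);
  if ($key !== FALSE) {
    $form['#submit'][$key] = 'familink_custom_form_user_admin_account_submit';
  }
  return $form;
}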
/**
* Submit the user administration update form.
*/
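function familink_custom_form_user_admin_account_submit($form, &$form_state) {
  global $user;

  // Resolve the selected bulk operation from hook_user_operations().
  $operations = module_invoke_all('user_operations', $form, $form_state);
  $selected = $form_state['values']['operation'];
  if (!isset($operations[$selected]['callback'])) {
    return;
  }
  $operation = $operations[$selected];
  // Filter out unchecked accounts.
  $uids = array_filter($form_state['values']['accounts']);
  if ($function = $operation['callback']) {
    // The role is looked up by name; check the result before reading ->rid.
    $admin_role = user_role_load_by_name('administrator');
    $admin_rid = $admin_role ? $admin_role->rid : NULL;
    // uid 1 counts as an administrator whether or not it carries the role.
    $actor_is_admin = $user->uid == 1 || ($admin_rid !== NULL && user_has_role($admin_rid, $user));

    // NOTE(review): this filter looks only at which accounts are targeted, not
    // at what the operation does. Whether a non-administrator may run an
    // operation that assigns the administrator role is not decided here;
    // confirm it is restricted elsewhere.
    $restriction = array();
    if (!$actor_is_admin) {
      foreach (user_load_multiple($uids) as $account) {
        if ($account->uid == 1 || ($admin_rid !== NULL && user_has_role($admin_rid, $account))) {
          $restriction[] = format_username($account);
          // Drop every selected entry for this uid instead of relying on a
          // single array_search() hit, whose FALSE result would unset key 0.
          foreach (array_keys($uids, $account->uid) as $key) {
            unset($uids[$key]);
          }
        }
      }
      if (count($restriction)) {
        // Not every operation entry is guaranteed to carry a label.
        $label = isset($operation['label']) ? $operation['label'] : $selected;
        $message = t("You don't have access to perform operation %op for this users: %names.", array(
          '%op' => $label,
          '%names' => implode(', ', $restriction),
        ));
        drupal_set_message($message, 'warning', FALSE);
      }
    }

    // If the filter removed every selected account there is nothing to run,
    // and reporting a successful update would be misleading.
    if (count($restriction) && !$uids) {
      return;
    }

    // Add in callback arguments if present.
    if (isset($operation['callback arguments'])) {
      $args = array_merge(array($uids), $operation['callback arguments']);
    }
    else {
      $args = array($uids);
    }
    call_user_func_array($function, $args);
    drupal_set_message(t('The update has been performed.'));
  }
}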
/**
* Implements hook_form_FORM_ID_alter().
*/
function familink_custom_form_user_multiple_cancel_confirm_alter(&$form, &$form_state, $form_id) {
  // Queue this module's after-build callback behind any that are already
  // registered on the confirm form.
  $callbacks = isset($form['#after_build']) ? $form['#after_build'] : array();
  $callbacks[] = 'familink_custom_form_user_multiple_cancel_confirm_after_build';
  $form['#after_build'] = $callbacks;
}
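/**
 * After-build callback: swaps the core submit handler for this module's.
 *
 * The handler to replace on this form is the multiple-cancel confirm handler,
 * 'user_multiple_cancel_confirm_submit'. Searching for a name that is not on
 * the form makes array_search() return FALSE, which as an array key overwrites
 * index 0 regardless of what is stored there. That leaves the unrestricted
 * core handler in place whenever it is not the first entry.
 *
 * @param $form
 *   The built form array.
 * @param $form_state
 *   The form state (unused).
 *
 * @return array
 *   The form array, with the submit handler replaced when it was found.
 */
function familink_custom_form_user_multiple_cancel_confirm_after_build($form, $form_state) {
  if (empty($form['#submit']) || !is_array($form['#submit'])) {
    return $form;
  }
  $key = array_search('user_multiple_cancel_confirm_submit', $form['#submit'], TRUE);
  if ($key !== FALSE) {
    $form['#submit'][$key] = 'familink_custom_form_user_multiple_cancel_confirm_submit';
  }
  return $form;
}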
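/**
 * Submit handler for the multiple account cancellation confirm form.
 *
 * Cancels each selected account, except that uid 0/1 are always skipped and
 * a non-administrator cannot cancel accounts holding the 'administrator' role.
 * Skipped administrator accounts are reported in a single warning message.
 *
 * @param $form
 *   The form array (unused).
 * @param $form_state
 *   The form state; reads 'confirm', 'accounts' and 'user_cancel_method' from
 *   its values and sets 'redirect'.
 */
function familink_custom_form_user_multiple_cancel_confirm_submit($form, &$form_state) {
  global $user;

  if ($form_state['values']['confirm']) {
    // The role is looked up by name; check the result before reading ->rid.
    $admin_role = user_role_load_by_name('administrator');
    $admin_rid = $admin_role ? $admin_role->rid : NULL;
    // uid 1 counts as an administrator whether or not it carries the role.
    // Evaluated once, since the acting user does not change inside the loop.
    $actor_is_admin = $user->uid == 1 || ($admin_rid !== NULL && user_has_role($admin_rid, $user));
    $accounts = user_load_multiple(array_keys($form_state['values']['accounts']));
    $restriction = array();
    foreach ($form_state['values']['accounts'] as $uid => $value) {
      // Prevent programmatic form submissions from cancelling user 1.
      if ($uid <= 1) {
        continue;
      }
      // Restrict access for canceling administrator by non admin user. The
      // isset() guard keeps an unloaded uid from reaching user_has_role() as
      // an empty account argument.
      if (!$actor_is_admin && $admin_rid !== NULL && isset($accounts[$uid]) && user_has_role($admin_rid, $accounts[$uid])) {
        $restriction[] = format_username($accounts[$uid]);
        continue;
      }
      // Prevent user administrators from deleting themselves without confirmation.
      if ($uid == $user->uid) {
        $admin_form_state = $form_state;
        unset($admin_form_state['values']['user_cancel_confirm']);
        $admin_form_state['values']['_account'] = $user;
        user_cancel_confirm_form_submit(array(), $admin_form_state);
      }
      else {
        user_cancel($form_state['values'], $uid, $form_state['values']['user_cancel_method']);
      }
    }
    if (count($restriction)) {
      $message = t("You don't have access to perform operation %op for this users: %names.", array(
        '%op' => t('Cancel the selected user accounts'),
        '%names' => implode(', ', $restriction),
      ));
      drupal_set_message($message, 'warning', FALSE);
    }
  }
  $form_state['redirect'] = 'admin/people';
}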