If my memory serves me correctly, you may not be able to limit to the level you want a user who is an Administrator. There are certain 'they always have access' levels with Administrators.
https://docs.kentico.com/k10/managing-users/user-management
Global Administrator - The user has full access to all parts of the system for all sites, and can perform any operations (regardless of permissions or other settings). Global administrators are the only users who can work with global applications.
Administrator - The user has unrestricted access to non-global applications for all sites in the system (administrators skip permission and UI personalization checks).
Editor - The user can access the administration interface and on-site editing mode for all sites assigned on the Sites tab.
The Editor privilege level does not grant any permissions – it only differentiates between site editors and registered users who are limited to the live website. To allow editors to access applications and perform actions, you need to assign roles.
None - The user cannot access the system's administration interface. Ability to view pages and perform actions on the live site depends on the site's security options and the roles assigned to the user.
So as you can see, you will need to go with an Editor and give permission, vs. Administrator.