Currently, you have to be an 'admin' or above to create searches in Trac but admin-level users can also add additional users to a domain. We could do with either an additional user level which sits between a 'user' and an 'admin' that allows users to create searches but not have admin rights. Or the additional functionality to select if users can or can't make searches.
Or perhaps 'super admins' are the only access level that can amend user settings and add new users.
This is on the Roadmap for Q2 this year. Thanks for the submission.