Limit "Manage users" right
The Administration role's "Manage users" right appears to include read-only access to the system's roles as well. Is this by design? It seems slightly confusing but otherwise harmless.
Create an Administrative role and associate the "Manage users" right, and only the "Manage users" right, with it.
Assign the Administrative role to a user.
Login to OpenLMIS via the user and note that Administration -> Roles is presented as a menu item.