It's currently possible to assume the identity of another user when specific permissions are enabled. This can be handy for quickly testing and troubleshooting page setups or other issues for a specific permission group without needing to make additional accounts.
The feature, however, allows users with this permission enabled to assume any user, even if that user has a "higher" tier of permission group than their own. This request is to implement some sort of control that would allow admins to define which permission groups whose identities are allowed to be assumed.