--- adminrole.module	Wed Jan 07 17:12:03 2009
+++ adminrole.module	Wed Sep 23 17:05:50 2009
@@ -53,6 +53,13 @@
         $perms = array_merge($perms, $permissions);
       }
     }
+    // remove excluded permissions
+    $exclude = variable_get('adminrole_exclude', '');
+    
+    if ($exclude) {
+      $exclude = explode("\r\n", $exclude);
+      $perms = array_diff($perms, $exclude);
+    }
     db_query('DELETE FROM {permission} WHERE rid = %d', $admin_role);
     if (count($perms)) {
       db_query("INSERT INTO {permission} (rid, perm) VALUES (%d, '%s')", $admin_role, implode(', ', $perms));
@@ -78,6 +85,15 @@
    '#default_value' => variable_get('adminrole_adminrole', 0),
    '#description' => t("Which role should get all permissions?"),
    '#options' => $u_roles,
+  );
+  
+  $form['adminrole_exclude'] = array(
+    '#type' => 'textarea',
+    '#title' => t('Excluded Permissions'),
+    '#default_value' => variable_get('adminrole_exclude', ''),
+    '#description' => t("List, one per line, permissions that should be excluded."),
+    '#cols' => 60,
+    '#resizable' => FALSE,
   );
 
   return system_settings_form($form);
