It would be nice if a user in an organisation could be granted 'edit user' access (etc.) solely for other users within his organisation. (Ditto for location.)

As with the usual separation of powers model, the permission should not allow the privileged user to elevate any others to his own level. (E.g., in IRC, you typically can only grant your-access-minus-one to others.)

With a limited number of administrators, the ability to delegate this sort of self-maintenance to organisations would be extremely useful.

Perhaps this can be done as simply as adding the organization and location bits to the filter list on the user profile page.