We found out today that the ability to add customers to the do not mail list was tied to the Accounts permission. This permission also controls access to our installation's users and their permission in the Maropost system. Effectively this forces us to give all our support team full administrative access to our MP accounts to create and manage users.
This action can then expose data that could push us out of legal compliance. I'd like to request that there be a specific user permission that is tied to the administrations of our setup and not tied to any needed customer actions.