G Suite for Education Team Drive User Roles Enhancement Request
Reported by dhirschf...@eak12.org, Feb 8 2018
Issue description

Description: While there are Full, Edit, Comment and View user roles for Team Drives, the Edit role leaves Super Admins with few options to control the assignment of the Team Drives. I understand Google fully intended that all organizations allow all users to create their own Team Drives and manage the memberships themselves, but this is not a realistic scenario for all organizations and should not be our only option. All that needs to be done to remedy this is to slightly tweak the "Edit" role. Right now a user with Edit rights can "edit all files and upload new files." This needs to be extended to delete and move all files and folders. With this simple change, the Full Access role can be reserved for department/team managers and G Suite Admins, empowering us to control who has access to our Team Drives.

tl;dr - Not allowing the "Edit Access" Team Drive role to delete and move all files and folders opens the possibility of a data breach, as it forces us to assign the Full Access role to all members of the Team Drive and unnecessarily pits the users against the Super Admin.

Use case: With the Edit role able to upload/edit/delete all files and folders, we can assign this to the members of the Team Drive, ensuring they can access the data without having the ability to add or remove other users. We can then assign team/department/cohort leadership to the Full Access role to manage membership of the Team Drive.

Motivation: Right now this is very counter-intuitive and quite honestly will cause me significant problems in my organization. I get why this was done, but I disagree with the lack of options. In an organization where I am expected to provide a service, I am unable to consistently create Team Drives and attach them to consistently managed Google Groups to ensure the correct users have the proper access to the team data. This is not about control or disempowering my users; it's about being able to provide this service so my users do not have to. They are not system admins, they are teachers and need to teach.

Existing workarounds: Right now I am assigning Team Drives to Google Groups with Full Access to the Team Drive. The employees in these groups will be able to add anyone to the Team Drive. If/when this data breach happens, I will need to first find out that this happened and then remove the user. Any time between the user making this change and me changing it back is an opportunity for a breach. Even if no breach occurs, Team Drives will actually create friction between my responsibilities and the user's desire to dictate data access outside of their role in the organization, instead of empowering both of us to simply find success in our respective roles/responsibilities.
Comment 1 by hunyadym@chromium.org, Feb 12 2018