As designed Admin with no set permissions can access tools->diagnostics

[Steve F]

Not sure if this is by design or not, can't think of any reason why an admin should be able to access the tools->diagnostics when no admin permissions are set. So no matter what permissions all admins have access and can run file health check, ect...

 

[Mike]

There's simply no permission check on this area (beyond being an admin). A separate additional permission is not required for all areas of the control panel.