Currently, all instance management permissions are tied to billing. This works well for small instances but less well for larger instances, and it's something we likely have to split apart anyway.
Splitting out a "Can Manage Members" permission is likely straightforward. In the future, T7148 anticipates something in the vein of a "Can Export" permission, and private clusters will undoubtedly require additional permissions.
We should think about this a bit and plan out any additional permissions we're likely to need in the near-ish term.