admin/reseller/client permission inconsistencies
There are some permissions issues when editing things as admin vs. reseller vs. client, detailed cases will follow.
This is borne from discussion in !1088 (comment 78755) where it is clear that client protection is intended to affect only the web_domain table, and therefore clients/resellers should always be able to create/edit/delete other entities (dns soa, mail domain, etc.).