If an administrator has an additional role with sufficient rights, then he can impersonate users. When doing this, the administrator has access to exactly what that user can access in the system. His roles and groups are equal to the roles and groups of the user impersonated, including the same UI layout.