A Script to Create a Modify All Data Permission Set
If you follow the principle of least permissions -- and you should -- then it should make you cringe a bit to grant someone admin permission in production. System Administrator allows anyone with that permission to pretty much do whatever they want. That cuts both ways, where it removes obstacles to people's day to day, but also creates risks for honest mistakes and even bad-actor behavior. We're working on how to structure permission for our admins and devs so that they can do their day job, but remove permission to change metadata since that needs to go through DevOps. Cloning the System Administrator Profile and removing "Customize Application" is a start. But as your org changes, you have to make sure that permissions are added to the cloned Profile as fields are created. Basically, we need a way to ensure "Modify All Data" includes permissions to all objects, fields, tabs, etc. To facilitate this, as a little side project I've created an Apex class