Hi Patrik,
Are you asking because you don't have PIM?
From my experience it's better to work with the existing roles but use PIM to control access to all privileged roles.
You can also use PIM to have another user authorize the use of privileged roles, so there's no single person allowed to do any changes.
And if you're dealing with B2B, supply chains, etc. that need privileged access to resources, I'd suggest looking at Priva.
Reference:
pim-getting-started
microsoft-priva-risk-management
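The two PIM pieces the answer above recommends (keep the built-in role, make the user *eligible* rather than permanently assigned, and require a second person to approve each activation) can be configured from Microsoft Graph. The script below is an added example and is not part of the original answer or of Microsoft's documentation; the object IDs for the eligible user and the approver are placeholders you must replace, and the policy rule shape follows the v1.0 `unifiedRoleManagementPolicyApprovalRule` resource as I understand it, so treat the body as something to verify against your tenant before running it.

```powershell
# Added example: put a built-in Entra role under PIM with approval-gated activation.
# Requires Microsoft.Graph PowerShell SDK and a caller holding Privileged Role Administrator.
Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory","RoleManagementPolicy.ReadWrite.Directory"

# Placeholders (assumed values, replace with real object IDs from your tenant).
$eligibleUserId = "00000000-0000-0000-0000-000000000001"   # the admin who gets the eligible assignment
$approverUserId = "00000000-0000-0000-0000-000000000002"   # the second person who must approve activation
$roleName       = "User Administrator"                      # work with the existing built-in role, not a custom one

# 1. Resolve the built-in role definition by display name.
$roleDef = (Invoke-MgGraphRequest -Method GET -Uri `
    "https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions?`$filter=displayName eq '$roleName'").value[0]
if (-not $roleDef) { throw "Role '$roleName' not found" }
$roleId = $roleDef.id

# 2. Find the PIM policy that governs this role at tenant scope ("/").
$policyAssignment = (Invoke-MgGraphRequest -Method GET -Uri `
    "https://graph.microsoft.com/v1.0/policies/roleManagementPolicyAssignments?`$filter=scopeId eq '/' and scopeType eq 'DirectoryRole' and roleDefinitionId eq '$roleId'").value[0]
$policyId = $policyAssignment.policyId

# 3. Require approval for end-user activation of the role (single stage, one named approver).
#    Rule id "Approval_EndUser_Assignment" is the fixed id of the approval rule in the policy.
$approvalRule = @{
    "@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule"
    id            = "Approval_EndUser_Assignment"
    target        = @{
        caller     = "EndUser"
        operations = @("All")
        level      = "Assignment"
    }
    setting       = @{
        isApprovalRequired               = $true
        isApprovalRequiredForExtension   = $false
        isRequestorJustificationRequired = $true
        approvalMode                     = "SingleStage"
        approvalStages                   = @(
            @{
                approvalStageTimeOutInDays     = 1
                isApproverJustificationRequired = $true
                escalationTimeInMinutes        = 0
                isEscalationEnabled            = $false
                primaryApprovers               = @(
                    @{ "@odata.type" = "#microsoft.graph.singleUser"; userId = $approverUserId }
                )
                escalationApprovers            = @()
            }
        )
    }
}
Invoke-MgGraphRequest -Method PATCH `
    -Uri "https://graph.microsoft.com/v1.0/policies/roleManagementPolicies/$policyId/rules/Approval_EndUser_Assignment" `
    -Body ($approvalRule | ConvertTo-Json -Depth 10) -ContentType "application/json"

# 4. Make the user eligible (not active) for the role. No standing privilege is granted here;
#    every use now goes through an activation request that the approver must accept.
$eligibility = @{
    action           = "adminAssign"
    justification    = "Eligible assignment managed through PIM"
    roleDefinitionId = $roleId
    directoryScopeId = "/"
    principalId      = $eligibleUserId
    scheduleInfo     = @{
        startDateTime = (Get-Date).ToUniversalTime().ToString("o")
        expiration    = @{ type = "noExpiration" }
    }
}
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/roleManagement/directory/roleEligibilityScheduleRequests" `
    -Body ($eligibility | ConvertTo-Json -Depth 10) -ContentType "application/json"

# 5. Confirm the role now has no permanent (active) assignment for that user, only an eligible one.
$active = (Invoke-MgGraphRequest -Method GET -Uri `
    "https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?`$filter=roleDefinitionId eq '$roleId' and principalId eq '$eligibleUserId'").value
if ($active.Count -gt 0) { Write-Warning "User still holds a permanent active assignment; remove it so PIM is the only path." }
```

When the eligible user later activates (a `roleAssignmentScheduleRequests` POST with `action = "selfActivate"`), PIM holds the request until the approver accepts it, which is the two-person control the answer describes. Run step 5 for every privileged role you move under PIM: an eligible assignment only helps if the same person does not also keep a permanent assignment alongside it.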