Raised from JSP-202933, as per quoted below:
We want to be able to mark specific groups so that project administrators cannot allocate them to roles in projects.
A marked group should still be able to be added to a role in a project by a user with the site-administrator permission.
In a large enterprise instance (say with 1,000 projects) , there would be a handful of people with project administrator role permission and is hard to control them individual level. In this case, a project administrator may added a common group ie jira-users group into a notification group, which will spam the entire company.
Some of the specific group, should be restricted from the project-administrators.