One thing that came to my mind was a

relation is_admin: user:*

and then

permission block = some_path_to_normal_permission - is_admin

(assuming this is on a

user

type that you would block). Then you write a relation to user:* as a sort of boolean to mark the user as an admin. But I feel like there is probably a better option, just hadn't thought through it that much