Log in to a Joomla website with an administrator account.
Navigate to Users > Manage and select the account you have logged in with.
The administrator user should be able to see the "Assigned User Groups" tab and join any group (except the ones that are over him, such as Super User).
The administrator user is unable to view the "Assigned User Groups" tab.
The weird thing is that if he edits another user, he is able to see Assigned User Groups and change what he wants.
Joomla 3.6.5
PHP Version ( 5.6.30 ).
Tested on multiple websites.
The logic is wrong and I will point out why.
The admin can make other users and give access to whatever group he wants to. And that action checks if the user has user groups over him and doesn't give him access to those.
Also, it's something that was a working thing on Joomla 2x.
This is a bug and I don't know for how long...!
If I remember right it was done as part of a security issue (elevating permissions).
@SniperSister Can you check this with JSST?
So... why do we let him make another user and give whatever access he wants to?
I think that a user should be able to join another group if this user has rights to use the user control system and this group is under him...
That's the thing! There is no simple "under him" in the current user group setup, because the subgroups don't necessarily need to have more privileges than the parent group.
Priority | Urgent | ⇒ | Medium |
Status | New | ⇒ | Discussion |
Closing as expected behaviour even if it is not desirable
Status | Discussion | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-08-18 20:33:33 |
Closed_By | ⇒ | brianteeman |
You can't do that because you don't know which groups are "higher". The hierarchy you see in the groups doesn't necessarily mean the same hierarchy applies for ACL. "Higher" groups may have actions denied that lesser groups can do.
So the only way to prevent a user from elevating his own permissions is to restrict the access to his own permission related things.
I'd say this is intended behavior.
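
The point made in the replies, that position in the group tree does not rank groups by privilege, shown as an added example that is not part of the thread and is not Joomla's code. It assumes a simplified ACL model (settings are inherited from ancestors, an explicit deny on the path wins); the group tree, the rules and the function names are constructed for illustration.

```python
# Simplified model of hierarchical group ACL (an assumption for illustration,
# not Joomla's own code): a group inherits every ancestor's settings, and an
# explicit deny anywhere on the path to the root wins over any allow.

# Constructed sample tree: group -> parent group
PARENT = {
    "Public": None,
    "Manager": "Public",
    "Administrator": "Manager",
    "Registered": "Public",
    "Restricted Author": "Registered",
}

# Constructed explicit settings: True = allowed, False = denied, absent = inherited
RULES = {
    "Manager": {"core.login.admin": True, "core.manage": True},
    "Administrator": {"core.admin": True},
    "Registered": {"core.login.site": True, "core.create": True},
    "Restricted Author": {"core.create": False},
}

def path(group):
    """Return the group followed by all of its ancestors."""
    out = []
    while group is not None:
        out.append(group)
        group = PARENT[group]
    return out

def effective(group):
    """Actions allowed somewhere on the group's path and denied nowhere on it."""
    allowed, denied = set(), set()
    for g in path(group):
        for action, value in RULES.get(g, {}).items():
            (allowed if value else denied).add(action)
    return allowed - denied

def self_join_audit(group):
    """For each group below `group`, return (gained, lost) actions for a member who joins it."""
    base = effective(group)
    report = {}
    for child in PARENT:
        if child != group and group in path(child):
            eff = effective(child)  # child's path already contains `group`
            report[child] = (eff - base, base - eff)
    return report

if __name__ == "__main__":
    for start in ("Manager", "Registered"):
        print(start, self_join_audit(start))
```

In the constructed Manager case a subgroup grants an extra action, while in the Registered case a subgroup removes one, so a rule of "may join any group under him" cannot be evaluated from tree position alone.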