I have some doubts about groups and permissions managment.
The first doubt is if, into the distinct permissions of each role, you can delete some permissions, per example if I could revoke the admin (at the project level) from creating repositories.
The next doubt is if It is possible to limit the group access to determinated roles, per example, imagine that I want to create a group only of admins (at a repository level) and I, by mistake, join an user who is a reader, is there any setting that wouldn´t allow this mistake from happening?
if I could revoke the admin (at the project level) from creating repositories
Administrators have implicit permissions for any lower level entity, so what you’re describing here is not possible. For example, a project admin has implicit repository admin permission on all of the repositories in the project. A repository admin could not restrict access to the project admin.
I, by mistake, join an user who is a reader, is there any setting that wouldn´t allow this mistake from happening?
No. Just as there is nothing stopping you from giving a user explicit permissions to something, there is nothing stopping you from adding a user to any group either. As with all permissions, one must be very careful about what they are doing to prevent these kinds of accidental mistakes.