A Content Admin role can get all content permissions (UPLOAD, RENAME, MOVE and DELETE) but can be limited.
The role does not allow to set permissions. When documents or folders are created the selected items will inherit the permissions that are applied to the Vault or the destination folder. Therefore these items might become visible for (external) users.
Reports: When granted report permissions a Content Admin can see its own and End User activities.
Example for a Content Admin role: Users in this role have to upload documents, but don't need to manage roles and permissions.