Provisioning Manager does grant the ability to do the tasks you listed.
I think a better approach might be to explain what they're trying to do that they can't do. For example, are they trying to grant access via shared services or .sec load?
I fully agree Jeo123. I would add that "adding" or "deleting" Native users may also require the person to be a Shared Services administrator. Provisioning for a given application allows you to change role or class access for the application, but you can't create a new Native user. You could assign a new native or external user with roles.