Partners with existing delegated admin privileges (DAP) relationships
This would seem to be the key phrase: they've already been given specific and potentially broad permission to
mess around withmanage their customers' systems. All that's happening is that for a limited period of time that permission is being extended to the new model. I can't immediately see what access this gives to "partners" they did not already have.