I don't think there's any "best" answer, as it will depend a lot on your organization's size, needs, etc.
At my last job, I managed organizational accounts for a university. We had ~70 active users any given semester, but many of those were students who may or may not be active after the end of the semester. In those cases, we did not enable a lot of the typical permissions you listed, since the account would more than likely be deactivated in less than a year.
Faculty and staff, on the other hand, we definitely added the same permissions you did. For a few faculty members in the GIS department, it would also make sense to allow them to initiate support tickets, as they may be overseeing a class and have the best firsthand knowledge about the technical issue.
At my current job, however, there are only three of us working for a small county mapping department. Other users of our system are primarily accessing resources through configured web apps, etc., and don't need anything as far as permissions go. The three of us in the department, though, all need most / all of the permissions available.
- Josh Carlson
Kendall County GIS