Intune scope tags

Hello All,

I am just playing around with my Intune test tenant and experiencing some issues on Scope tag. 

Created scope tag 1 which is assigned to admin1 (role - can read and write compliance policies, read and delete devices) (No other roles assigned)

Created scope tag 2 not assigned to any admin

Created compliance policy and removed the default scope tag and added scope tag2. My issue is, still admin 1 was able to read and write this compliance policy. Why this is happening and Am I doing something wrong?