With regards to your question about the different roles :
Admin users can read, write and subscribe to any stream, can manage other users and can perform any activity on the Event Store database (such as scavenges etc.) Admins can also read system streams - a system stream is any stream beginning with “$”
Ops users are able to perform activities such as scavenge and shutdown on Event Store, but behave like a standard user when it comes to reading and writing.
Standard users belonging to other groups are able to read, write and subscribe to any stream that they have access to. By default, any user can read from any stream that isn’t a system stream. Access to streams can be changed by setting the stream’s ACL.
For your use case, you might want to create your own groups for users that can write and subscribe to the streams you are interested in, and set the ACL on those streams when they are created.
You should not need to create an admin user to do this.
With regards to your admin user creating a subscription :
Can your new admin user read from the stream without a problem? What about other users?
Did you set any custom ACL’s on the stream you are subscribing to?