
Split privileged user groups to privileged / highly privileged
Open, Needs Triage, Public

Description

Wikimedia wikis define the concept of "privileged user" via a list of local and global groups, see $wmgPrivilegedGroups and $wmgPrivilegedGlobalGroups here. This is mainly used for password policies and logging. We never really defined what the criteria are for a group to be considered privileged, but roughly it's "as much or more powerful than an admin".

When taking preventative measures against account compromise (such as forcing people to use 2FA), we are using a narrower definition of "privileged" - which are the accounts where, if an attacker took them over, we would have serious security concerns about what they might do with them? For example, an interface administrator account is very abusable. An admin account cannot really do anything the local community can't easily deal with.

So, we need to split the list of privileged local and global groups into two, "privileged" and "highly privileged". (And maybe this is a good time to review if anything needs to be added, the list is quite old.)

T290790: Group OAuth grants by riskiness might be helpful for thinking about which groups are privileged vs. highly privileged - I think these would be the groups with user rights that that task calls "vandalism risk" vs. "security or privacy risk". (Note that that's an OAuth task, and so written in the terms of grants, not rights. The mapping (for one specific wiki) is at Special:ListGrants, or $wgGrantPermissions. Note also that there are user rights which aren't part of any grant, and so not reviewed in that task.)