Hello Karen,
You can use like …/Administration.Account/System.UserRoles = '[%UserRole_Administrator%]'
Acces rules are defined per user role, so you only need to allow the Admin role to delete the objects.
Both can and should be covered at security level.
current user is the entity’s owner:
Access rule 1: allowed to delete objects: true
+ Whatever the module role is allowed to do
Add on the access rule an xpath: [System.owner='[%CurrentUser%]']
Access rule 2: allowed to delete objects: false
+ Whatever the module role is allowed to do
Administrator:
Access rule with: allowed to delete objects: true
+ Whatever the module role is allowed to do