What is "rank"? Is it like "role", except without the ability to separate concerns (that is, giving people the ability to operate with elevated access, but only within part of an application)? And I hope your password changer adds a requirement that the user must change the password at first log-on; you have no business knowing any of your users' passwords.
Apart from things that are specific to the application (and only you can know what an app-level admin would require in an application you're writing), it's common to have banning and/or hellbanning facilities. ("Hellbanning" is when a user sees his/her own stuff but nobody else can. It keeps people from immediately starting to post under a new identity, and often they just assume that nobody is feeding the troll.)
I have a couple ranks, and yes they give certain people certain privileges such as editing posted stories, and hiding certain stories. The password changer is a temporary feature only used when requested, and users can change their password themselves if logged in. (I personally know most members of my site and this is just temporary until I get the email issues sorted.) Banning is covered by the rank changer, though I might add that extra level. Also, should ranks be stored as numeric or alphanumeric values? Currently they are stored as the rank itself (such as Admin or Editor) but I think that it would be easier to use something like if $rank > 3
Ranks are wrong altogether; your hierarchy will become non-flat at some point unless your site/app stays really small, trivially small. Use roles instead (and you can combine that with more general access levels if you wish, but that should be restricted to things like "owner", "unknown user" and so on). Named roles are much easier to maintain and understand than numerical access levels, and it's much easier to add user roles as the site expands than it is to go back and rewrite everything so that people who were superusers in one area don't automatically inherit elevated access where they shouldn't have it. Again, I can't stress enough how important it is that you FORCE your users to change any passwords you know; simply granting them the optional ability to do so is not enough.