The workflow spec has a "privilege" attribute for each of the actions (edit, reassign, etc. in bug-tracker). There you would list the privileges which, if granted to you on the workflow case object (a bug, in this case), will allow you to perform that action.
As for a default installation of BT everyone with the "write" privilege on a bug should be able to perform every available action on a bug without being an assignee (possessing a role).
Perhaps you could try to grant one of the admin people "write" on the BT instance or on one of its components and see how that turns out?