Do note that ALL users do have an user role. Because anonimous user have the anonimous user role. So in the access rule just give every role access to the object on that page.
End-users with this user role can manage users that have at most the selected user roles, and can grant only the selected user roles. Select (No user roles) to only manage users without a user role (for example, newly created users). If nothing is selected, end-users with this user role cannot manage users at all.