Would it be possible for the permission level for new modules (or new enhancements) to default to off/read only for all non-administrator roles? This would give administrators time to evaluate the new module and do any necessary training before other users start utilizing it.