Of course it depends on the user. In larger organizations where there are some seriously talented people, very typically someone in the organization has full admin access. We let the client determine that. They paid for it. I would not presume to make that decision for them if they have the requisite skill sets. If it were, say a car dealership, I might wall them off from some things yes. A convenience store, definitely, but they probably would not have a VMS anyway.
When also engaged for IT services, we tighten the screws on everything.
Where the IT departments are frowned upon, (to big too and/or unresponsive) we do create a cusadmin accounts, needed user accounts, and or auto login accounts with local group policies that remove all menu access and auto logoff policies too.
It can also be a case where the IT or other departments should have ZERO access to the systems.
Yes, within an organization where they restrict access from users, departments, etc. there is a user that has all of the credentials, we maintain a master copy too. The policy you list below is very common in the IT support industry. " limit the customer's ability to choose another integrator."
Being asked for the administrator password is a sign of being shopped. It's also a sign of they forget where they put the envelop or where they saved the keys. In any event, withholding that information is risky and could have legal repercussions.