⚠️ Adding admin credentials
Things to be aware of when adding admin credentials

Written by Naomi Purvis
Updated over a week ago

When you start a scan against targets that have authentications configured, Intruder's scanner will attempt to log in using those authentications and then begin scanning your applications. This will involve:

  • Our scanner crawling all pages within your application

  • Identifying different points where data can be sent to your application

  • Sending data (and crafted requests) to the application

  • Checking responses to see whether any exploitation has succeeded or any vulnerabilities exist

Therefore, if you add an authentication that has administrator permissions on your application, our scanner will find all functionality that your admin user has access to. If this includes destructive functionality, you should consider NOT adding that user to your authentications, as it is likely our scanner will find that functionality and activate it during its standard scanning process. Destructive functionality can include things like:

  • Deleting users

  • Deleting accounts

  • Suspending the account

  • Locking out users

  • Deleting pages/data

  • etc.

Carefully consider the potential impact to your application if our scanner finds ALL functionality that your admin user has access to.
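One way to carry out that review before adding an authentication is to list the routes the account can reach and flag the destructive ones. The script below is an added example, not Intruder tooling; the "METHOD path" inventory format, the sample routes and the keyword list are all assumptions to adapt to your application.

```python
import re

# Constructed sample: routes reachable by the account you plan to give the scanner.
# The "<METHOD> <path>" format is an assumption; export it from your router or API spec.
SAMPLE_ROUTES = """\
GET /admin/dashboard
GET /admin/users
POST /admin/users/42/delete
DELETE /admin/accounts/7
GET /admin/account/suspend?id=7
POST /admin/users/42/lockout
GET /admin/pages/remove/15
POST /admin/settings/profile
"""

# Hypothetical keyword list based on the destructive actions named above.
# The lookbehind avoids matching inside longer words such as "unlock" or "block".
DESTRUCTIVE_WORDS = re.compile(
    r"(?<![a-z])(delete|remove|destroy|purge|suspend|deactivate|lock(?:out)?|wipe)",
    re.I)

def classify(method, path):
    """Return a risk label for one route the scan account can reach."""
    method = method.upper()
    keyword = DESTRUCTIVE_WORDS.search(path)
    if method == "DELETE":
        return "destructive"
    if keyword and method == "GET":
        # State-changing GET: a crawler triggers it just by following the link.
        return "destructive-on-crawl"
    return "destructive" if keyword else "ok"

def audit(route_text):
    """Return (label, method, path) for every route that is not 'ok'."""
    findings = []
    for line in route_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        label = classify(*parts)
        if label != "ok":
            findings.append((label, parts[0].upper(), parts[1]))
    return findings

if __name__ == "__main__":
    for label, method, path in audit(SAMPLE_ROUTES):
        print(f"{label:22} {method:6} {path}")
```

Keyword matching only narrows the list for manual review; a route with a neutral name can still be destructive, so treat an empty result as a starting point rather than a clearance.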
