You can use execute to prevent other server admins from knowing who issued a rogue command

The bug

Using /execute as @e[type=!player,limit=1,sort=random] run ban PLAYER
where PLAYER is a player username, anyone with access to the command /ban can ban someone without being detected, as every record claims that "[ENTITY: Banned PLAYER: Banned by an operator.]" where ENTITY is a random entity name, such as Sheep. This can cause a problem for server administrators/owners, as administrators can op or ban players. Furthermore, this can be 'hidden' by using
/gamerule logAdminCommands false and /gamerule sendCommandFeedback false.

Suggested fixes

• Log every command that a player runs (not result, but actual command) and command that is entered into a command block in server console, along with where the command was executed.
  • This can only be changed and disabled in server.properties.
  • This could also be stored in another log, such as commands.log.
  • Examples:
    • "Player123 successfully ran following command at (0, 64, 0): /say Hello"

• • • "Player123 entered command into command block at (0, 64, 0): say Hello"
    • "Player123 failed command: insufficient permission: /op Player123"

• Commands like /ban store the original executor in the ban list.
• Commands like /ban are not allowed in /execute.
• Commands ran via /execute store their original executor (whether it was a command block, a person, the console, or RCON).

This bug does not affect third-party servers like Spigot, as they log every executed command.  However, saying that people should use these servers if they want this functionality is irrelevant, as most of these servers' development teams can't keep up to date (especially with snapshots) for the people who use them.

How it can be exploited

A rogue operator uses this exploit to run operator commands without being traceable. Some damage can be fixed (such as banning players), while other damage can't without backups (such as making everyone creative on a survival server), while some can't even be fixed (such as opping everyone, allowing them to /tp to other players and see things such as their base location and what they have on a major survival server).

This shouldn't happen if the owner only ops people they trust.  However, no one will know who did it except the perpetrator (IF the account wasn't hacked without the account owner's knowledge).  Even worse, someone could 'frame' someone else for running malicious commands and they could be punished for something they didn't do.  Even worser, someone with knowledge of this exploit can do it on themselves and then show it to the owner, taking the blame off of them.

Now, let's say that one of my suggestions were taken into consideration: the owner, after seeing the damage, can see who actually ran the bad commands and then deal with them appropriately, or if they were hacked, work out a solution and fix the hacked account.  The damage won't be fixed, however, the chances of it happening again can be minimized. 

Reproduction

If you haven't gathered from the bug, then here are the steps to reproduce:

1) Run the command /execute as @e[type=!player,limit=1,sort=random] run ban YOURNAME.  You will be banned from the server.

2) Check server logs and the banlist.json file.  You will see that a random entity name will have banned you.

[Optional]

3) Pardon yourself, and then run /execute as PLAYER2 run ban YOURNAME (with PLAYER2 being someone else on the server).

4) Check server logs and the banlist.json file, again.  You will see that the player has successfully been framed.