By default, a user is in the PUBLIC role and cannot do anything. You then should grant them permissions piecemeal. There are probably 1,000 things a member of SYSADMIN can do that a PUBLIC user can't, and the list changes with each release of SQL Server.
The following query will (basically, I think) return a list of high level permissions. I'd say use this list to have a conversation with the user and then both of you decide what they need to perform as part of their job role.
SELECT DISTINCT parent_class_desc, parent_covering_permission_name FROM fn_builtin_permissions(default);
SERVERCREATE ANY DATABASE
SERVERCREATE DDL EVENT NOTIFICATION
SERVERVIEW ANY DEFINITION
SERVERVIEW SERVER STATE
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho