It is great to see that now IP restrictions can be setup by user role. However, this still proves ineffective as any normal user, after logging into zoho, can type "accounts.zoho.com" in the browser URL field, select the "Allowed IPs" option from the left frame and delete all IP restrctions that were previously set on his / her role by the admin of his / her organization.