CUPS has a quite restrictive allow/deny policy. Cancelling jobs requires the owner or root (OK, makes sense), for starting and stopping printers you also need root privileges. My root password is befittingly cumbersome, so I looked for some kind of CUPS sudo.
The file to look for is /etc/cups/cupsd.conf, which can be conveniently edited from the CUPS web interface's (localhost:631) Administration tab.
There are two options: either disable the password prompt completely (convenient, but on the risky side), or give your own user CUPS admin rights.
First option: change the line "DefaultPolicy default" to "DefaultPolicy easy". No password prompt ever, even if you fiddle with the configuration files. Not sure I like that.
Second option: Get the password prompt to accept your own user. For this, change the line "SystemGroup sys root" to "SystemGroup sys root lp" and make sure your user is a member of the lp group.
Judging from the structure of cupsd.conf, I suppose it is possible to fine-tune individual permissions by changing/commenting out the AuthType/Require user statements in specific <Limit> … </Limit> blocks, but I saw no need to do that.
The CUPS web interface will restart the server after changing the configuration, however, your login status is apparently preserved. Reopen the interface in a new browser window to re-login.