Google Workspace Admin can not directly access users emails, however, Yes, he has following options to look at any users emails-:
Google Workspace has different plans, and one of them is called “Google Workspace for Business” which comes an application called “Google Vault“, which saves a copy of all users emails, on the record chat, group messages, files in Google Drive and Team Drive.
So even if a user deletes his/her email or a file in Google Drive, you can login to Google Vault as an Admin and search for users emails.
Please note -: above vault based solution to access your users email will not work with Google Workspace basic plan as Google does not vault with it, however it can be purchased additionally as shown in Google Vault Pricing guide here.
(ii) Email Delegation -:
Google Workspace offers an email delegation feature where you a user can delegate his or her gmail mailbox to someone (e.g a CXO delegating to executive assistant), this is usually done by a user, however Google Workspace Admin can also do it via Gmail API without even users noticing it.
Note-: Though Google Workspace Admins can setup email delegation behind the scenes, if you are a user you can go to your delegation settings (Gmail –> Settings –> Accounts –> Grant Access to your account) and check if their account is delegated to someone and can delete the delegation too.
(iii) Google Workspace Content Compliance Rule -:
Google Workspace Admin can also setup a rule in admin console to trigger a bcc copy of all (or required) users email as shown in the video tutorial above, and this solution works with all Google Workspace paid plans.
(iv) Google Workspace Admin Audit API -:
In case if your requirement is not fulfilled by above solutions, you may consider putting a custom solution based on your needs with Google Workspace Email Audit API. You also don’t need to start from scratch here, if you know a bit of Google Apps Script, you can use this OAuth 2 library to easily use Audit API within Apps Script.