In CA APM there are lists that are found on the "Directory"
Ex: Asset Family, Biling Code, Capacity Units etc.
Currently when creating a new role any user without administrative permissions can create, edit or remove items from these lists.
You can not hide the tab "Directory" and the process to restrict access is to create a read-only configuration for each list individually.
The solution to this is to come by these standard list settings, allowing the desired function is only related read-only or editing.
Allow access to tab "Directory" only for those who have the Administrator role, may be an option?