Hello Hock,
In the ENTM it is possible to restrict users from certain tasks in the UI by basically assigning the user to the relevant Admin Role.
What is to see in the Endpoint Management is however determined by the User Type of the relevant AC user, e.g
Creating a user tester in selang:
PAMSC> eu tester auditor password(log69in) unix
This user in Endpoint Management only sees Dashboard, Audit Events and Command Console tabs.