I am trying to restrict access to some users so that they cannot view the System menu which provides sensitive information.
I worked around the fact that the Reader role cannot be removed from a user via the Web UI by using the API to create a role without inputs:read (Since System -> Inputs contains sensitive information) and then removing the Reader role from the user and assigning it that new role.
However, users can still view the System -> Nodes and i cannot find a way to remove this. System -> Nodes provides access to the REST API Browser which then allows anyone to retrieve all system users or any other sensitive information.
Could you please advise? I need to be able to use the API Browser as an admin (So i can’t disable it in the config) but I certainly don’t want regular user to have access to it.