I’m going to +1 this because I want the ability to hide these options from people who don’t need to see them. But I don’t really agree with the security issue portion. If your goal is operate HA in some kind of multi-tenant environment where data can be fully segregated and users can only see their own data then you need to make a separate feature request for that. And boy will that be a lot of work.
Just in case people are unaware, it really doesn’t matter whether these tabs show up or not from a security perspective. All these tabs do is make calls into the REST API. Anyone with a login can do that, they don’t need a UI. The API allows anyone with a login on your system to get any state, call any service, create any state, etc. etc.
So yea, hiding these tabs is irrelevant to security. That’s a form of security by obscurity at best (except not really because the APIs are pretty well documented).