Jsf, Naming, RequestController, SecurityManager, Singleton, Weld subsystem configuration details have links/buttons Edit, Add, Remove enabled even for roles with insufficient permissions like Monitor.
Fortunately these operations seem not to be performed successfully for such role.