For instances of the manager that are deployed to an application server, all manager users are allowed to see all tabs by default. A user can see all tabs even if the user is not allowed to perform any actions on the tabs. You can simplify the manager interface by hiding tabs from users who do not have a user role of admin.
Only users with a user role of admin can change access to tabs in the manager.