Login, Permissions, Security

I want to see that when a user only has Asset View, they should be able to only see Assets and nothing else in the system. The fact they can see settings and integration usernames at a global level feels like a potential breach waiting to happen.