I thought I saw this option before but can't find it now. We want to allow someone to explore the entire environment but won't be able to make any changes. Thanks for your help!
By default all users have the ability to view all monitored applications. You can optionally allow them access to the Real-Time Event Log Viewer, Real-Time Process Explorer, and even the Service Control Manager. There is also a SAM Admin Role which allows users to assign and modify application templates without them being able to add/remove nodes, create/edit user accounts, or modify things like views and menu bars.
