The Sophos role base profile when created and assigned to a user with very limited access privileges, the same user upon login-in can see all possible menu options available to the administrator access of the appliance. The user should only be shown the main menus (left hand side) to which it had been allowed access to. The same used to work with cyberoam but not with sophos which is supposed to be a much evolved product.