We created a customized application support security group (Pseudo Admin role) which excludes the accesses of cube view form input, JE create/post and user security provisioning. This is required by internal control as segregation of duties. We updated maintenance group setting with this Pseudo admin group in all applicable components. e.g. Workflow profiles, Transformation rule, dimensions, confirmation rules, Forms/JE template, Dashboards etc. The limitations we confront are that the following components are accessible only to the default administrators. Can we enable the discrete security settings to those components instead of default to admin only? Thanks!
The System / Security page has a System Security Role screen. That contains the "System User Interface Roles" section, which should regulate who can see the pages you mention. If you don't see, for example, "DatabasePage" in that list, either you are in a Cloud environment with some limitations (in which case, talk to Support), or you are on a very old version.
Not sure what "CAT" is, but System Diagnostic is a Marketplace solution. Access to that will be governed by the Access Group set on the Maintenance Unit and the Dashboard Group (and the Workspace, in versions 7.3+ and if not in Default Workspace) that contain its Dashboards. Check on the Dashboards page, either in Application or System.
If that doesn't work, or works partially (e.g. the user sees the dashboard, but it doesn't load properly), it's possible the solution itself is doing some check in rules, which might be hardcoded to Administrators. In that case, get in touch with Support.