If your organization requires certain users to be able to do all kind of configuration changes (gateway, samplers, rules, etc.) but a separate group of users will be managing authentication, you can easily segregate the roles and remove specific sections access such as Authentication. This can be achieved by using section permissions.
1. Turn on the setting "Enable section permissions" at the top level of the Authentication section:
2. Create a role with "sections" permission, allowing everything except the authentication section. This applies across all files that the user with this role is able to edit.
3. Apply the role property to any user/user group you wish to remove authentication section access.
This setting is different from 'Restricted sections' which is a top level item (rather than being under Authentication) and applies to all users on a per file basis - allowing include files to be limited to a particular purpose.