You can set the global session group viewing permission under "AllSessionGroups" when you edit the role. If you deselect "ViewSessionGroup" under "AllSessionGroups," going forward, all sessions groups will be invisible to that role. To allow only certain session groups to be visible, you'd need to edit by role and select which session groups that role can see. That sounds like what you're after. 

This way, you'll have to update your 5 roles to remove the ViewSessionGroup permission, but then you're only selecting the session groups you want that role to access, as opposed to deselecting all the session groups you don't want them to see.  

FYI all, 19.0 (previously 7.0) is in Canary!

Hi Ntibayan, 

While you can't currently hide tabs from certain users, you can update permissions so that a certain role cannot send commands from the host page by removing the RunCommandOutsideSession permission. 

Hope this helps! We'll register your other requests as feature requests. 

No problem. In that case, suggest downloading the Report Manager extension and creating a grouped Session report that can include guest operating system name and version, client version, machine name, etc. There are numerous fields you can add to this report that will provide machine information. 

Hope this helps!