Why does a new (LDAP) user with no role, no permissions, no modules have so much access?

I’m new to ERPNEXT/FRAPPE. Still testing ERPNEXT Vs. some other open source ERP’s.

So far I have LDAP working fine and starting to learn the ways of ERPNEXT.

New LDAP user has access to so many things. After I disable access to all modules except “desk” and give user no permissions to anything, user still has access to:

Home > Dashboard
Home > Leaderboard
Home > Data Import and Settings > Letter Head
Kanban > New
Settings > Email / Notifications (email template & notification settings)
Settings > Workflow (workflow action)
Utilities > Video (video)
Users > Users (user)
Users > Logs (activity log)

Is it not possible to strip all access and be able to enable once piece at a time based on role?

Here is example of what a user with “no access” sees… it’s quite a bit of access: