Hello @shashanks445952 ,
You will have to make changes to the Dynamics Javascript Pages to restrict the access.
There are different pages available for each tab. You modify the pages as per your requirement.
Here is the screenshot that shows the location of Dynamic JS Pages:

In these dynamic Javascript pages you can get the operator instance and check for the permissions.
Code to get the Operator ID:
var lOperatorId = Number(request.getParameter("id"));
var qDef =
<queryDef schema="xtk:operator" operation="getIfExists" ignoreDeleteStatus="true">
<select>
<node expr="@id"/>
<node expr="[.]"/>
<node expr="@lastModified"/>
<node expr="DaysDiff(DateOnly(GetDate()), DateOnly(@lastModified))" alias="@lastUpdateInDays"/>
<node expr="@name"/>
<node expr="@email"/>
<node expr="@mobilePhone"/>
<node expr="@department"/>
<node expr="@securityZone" analyze="true"/>
<node expr="reportsTo"/>
<node expr="[@folder-id]"/>
<node expr="[@reportsTo-id]"/>
<node expr="@externalId"/>
<node expr="localOrgUnit"/>
<node expr="[@localOrgUnit-id]"/>
<node expr="@disable"/>
<node expr="[access/@noConsoleCnx]"/>
<node expr="desc"/>
<node expr="[folder/parent/@fullName]+[folder/@label]" alias="@folder"/>
<node expr="operatorGroup">
<node expr="group"/>
<node expr="[group/@type]" analyze="true"/>
<orderBy>
<node expr="group"/>
</orderBy>
</node>
</select>
<where>
<condition expr={"@id="+lOperatorId}/>
</where>
</queryDef>;
var query = xtk.queryDef.create(qDef);
operator = query.ExecuteQuery()
Then you can check the permissions by writing something like this:
xtk.folder.HasFolderWriteRight(operator.@["FOLDER_ID_HERE"]);
If the user has the right access then you can allow the user to see the pages else you can print the access denied message.
Let me know if that helps.