Out of the box, Drupal provides highly granular permissions for administration and user tasks like creating content types, posting comments, viewing user profiles, and much more. With hundreds of discrete permissions to control out of the box, it's hard to believe that there are some things administrators can't control by default. Shocking, though, it's true: quite a few of Drupal's built-in administrative pages fall under the umbrella "Administer Site Configuration" permission. If you're looking for more granular access control, you'll need to write a custom module and cosy up to the
hook_menu_alter() function... or download the Custom Permissions module.
As one might expect from its name, Custom Permissions doesn't hard-code an explicit list of permissions when it's enabled. Instead, it provides a settings screen where administrators can enter the paths individual pages (or groups of pages) that they want to limit access to. You can enter the name of the permission, a list of paths (including wildcards if you'd like to control a path and all of its sub-pages), and... that's it! Once you've configured your list of permissions and the paths they control, the permission names appear on the normal Drupal permissions administration page.
Custom Permissions is a simple, streamlined module that does what it says on the tin. While it's possible to use
hook_menu_alter() in your own custom module to accomplish the same goal, it's another option to eliminate custom code with minimal overhead.