After creating a role, a customized profile, I can't remove the ability for the profile to allow to READ Check Point user objects. Is there a way around that or by design?
I suggest you start with R80 admin guide [P.25] - "Assigning Permission Profiles to Administrators"
and later select the relevant settings [P.26] - "Configuring Customized Permission"
The answers are there... :-)
Retrieving data ...