I think Compliance Manager (https://servicetrust.microsoft.com/ComplianceManager) should be restricted to users with Compliance Administrator role in the tenant. It appears that any users in the tenant can view Customer Control details and this may expose sensitive information to users unauthorized to view details.