1. Generally speaking the permissions are set such that non-administrators only have access to their own information. The User Activity report and SystemData.Audit CASLIB contain data on all users, so this is not granted by default.
2. Yes, you can set authorizations on specific objects and tables, so you can achieve this, you would just need to add additional permission configurations.
By default the rule against the Dashboard folder is a conditional prohibit on Authenticated Users to /folders/folders/folder_id/**, so Authenticated Users have permission to see the folder, but permission is revoked to see any objects inside the folder (convey permission). As you want to grant access to a single object within the folder, you would not be able to use this rule, so you'd need to disable it which would grant users Read permission conveyed to all the objects within it. You'd then need to edit the permissions for each report in the folder and conditionally prohibit permission, with the same condition as the prohibit you disabled (prohibit Authenticated Users unless they are a member of the SAS Administrators or sasapp group)
Similarly for the SystemData CASLIB, Authenticated Users by default do not have ReadInfo permission on the library. This would need to be granted at the library level and then removed at the table level for all tables but AUDIT, which would need ReadInfo and Select granted.
--
Greg Wootton | Principal Systems Technical Support Engineer