Please note that this is an example which utilises the Eurekify universe. 

1.) In property settings search for this property: "sage.security.disable" and set it to "False". Restart the server
2.) Using the DNA, open the Eurekify.cfg file and locate any user (Cooper Amos for example) and right click on him and "Show linked entities"
3.) Remove from Cooper Amos "Basic Role" and link to Cooper Amos only these resources: a.) TmsSystem.* b.) SelfService.* c.) [Universe][R] d.) Entity Browser
4.) Save Eurekify.cfg to DB
5.) Open file:Eurekify_Resources.rdb and add a new resource with these attribures: a.) Res Name 1: [FILTER_ROLE] b.) Res Name 2: * c.) Res Name 3: Filter (add any non existing ID) d.) Description: Any description e.) Type: Filter f.) Filter 1: (rolename=Testrole)
6.) Save configuration to DB
7.) Drag the new Filter from the Eurekify_Resources.cfg to the Eurekify.cfg configuration and save it
8.) Link between Cooper Amos and the new Filter Resource you have created in Eurekify.cfg file
9.) Open the Model configuration and add a new Role with name 'Testrole'and Save the model configuration to DB
10.) Open IG web portal, login with Cooper Amos and verify in portal home page only these links(Home,Role Management,Entity Browser) are displayed to the user
11.) Click on "Entity Browser" link and Choose your Model configuration and verify on the role Testrole is displayed.
 

​For more information on how to use Filters and provide the permissions please find the documentation link https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-governance/14-1/configuring/permissions/filter-type-resources.html