Hallo,
also in dem Dokument ist es doch beschrieben, wie man einzelne Funktionen sperrt:
Suppose you want to secure Option 1 only from the SYS REQ menu. The commands behind the SYS REQ options are shown below:

1. Display sign on for alternative job . . . . . .TFRSECJOB
2. End previous request . . . . . . . . . . . . . . .ENDRQS
3. Display current job. . . . . . . . . . . . . . . .DSPJOB
4. Display messages . . . . . . . . . . . . . . . . .DSPMSG
5. Send a message . . . . . . . . . . . . . . . . . .SNDMSG
6. Display system operator messages. . . . . DSPMSG QSYSOPR
7. Display work station user. . . . . . . . . . . .DSPWSUSR

80. Disconnect job. . . . . . . . . . . . . . . . . . DSCJOB
90. Sign off . . . . . . . . . . . . . . . . . . . . SIGNOFF

The command performed by Option 1 is TFRSECJOB . To keep most users from using Option 1, on the OS/400 or i5/OS command line type the following:

GRTOBJAUT OBJ(QSYS/TFRSECJOB) OBJTYPE(*CMD) +
USER(*PUBLIC) AUT(*EXCLUDE)