We have PAN rules in ACF2 to secure CA 7 commands.  If  a person is removed from the CA 7 ACF2 rules, would that prevent them from demanding or submitting a job through CA 7?

When a user is removed from the ACF2 rules for CA 7 commands (such as DEMAND or SUBMIT), the user can no longer perform commands to submit a job in CA 7.  

To remove a user's ability to perform these actions or any other desired CA 7 commands, follow these steps:

1.  Identify the relevant resource rules and determine which ACF2 resource rules are associated with the specific CA 7 commands you wish to secure. 
2.   Update the ACF2 resource rule-- Work with the Security Administrator to remove the specific user (or their UID) from the ACF2 rule for those resources.
3.   Reload the rules -- Once the rule is updated and reloaded in ACF2, the user will no longer be able to execute those commands in CA 7.