а нельзя прописать ACTIVITY в полномочиях только "Создать" и не давать никаких других на тот же 2 ИТ?
чисто праздный интерес - уж очень странная необходимость

Possible values if the field is used together with one of the four first
objects (the values E, D and S may only be specified together with R):

o M (read with entry helps)

o R (read),

o S (write locked record; unlock if the last person to change the
record is not the current user),

o E (write locked record),

o D (change lock indicator),

o W (write data records)

o * (all operations).

Note:

Users with write authorization should always also have the relevant read
authorization. In other words, for each authorization level of E, D, W,
the user should also have the correct authorizations for authorization
level R.