Hi Alexey,
With the help of your security team you can switch the trace 'on' on this transaction to pull the Authorization objects information and try whether it is possible to restrict on this standard tcode.
If not then you can have some customizing work with ABAPers on this logistics controlling objects.
However tracing gives more information and then you can decide what can be done next.
Thanks,
Giridhar.