Use these commands in wsadmin to prevent users and groups from accessing a destination.
To remove a user or group's permission to access a destination, remove them from the appropriate destination role or roles.
You can use this task to remove users and groups from local and foreign destination roles.
$AdminTask removeUserFromDestinationRole
{-type destinationType
-bus busname
-foreignBus foreignBusName
-destination destinationName
-role roleName
-user userName}
$AdminTask removeGroupFromDestinationRole
{-type destinationType
-bus busname
-foreignBus foreignBusName
-destination destinationName
-role roleName
-group groupName}
$AdminConfig save