How can I restrict a single user without changing their role?
The access of a user in an ABAP system is granted through the roles and associated profiles assigned to them. A role contains a defined set of access which is the same for any user assigned to that role.
If a user has different access requirements then they need to have a role developed to reflect their needs.
Depending on the specific requirement, it may be preferable to use an alternative control such as the periodic management review of a relevant report.