First of all, let me say that Command Restrictions should be defined in one place only for each user. You can set up different groups for the different levels of users, and set the Command Restrictions on those groups. Then add users to those groups according to their needs.
All other groups should be based only on Resource availability.
However, in the meantime, you can use this universe to query your repository for Command Restrictions.
MichaelWelter 
(BOB member since 2002-08-08)