This is a little strange this request. I'd like to understand it a little more.
First of all, if you have secured the application itself, then the user wouldn't be able to Add/Change the grid. If they don't have access to the app, then they wouldn't be able to view the grid either.
However, I am presuming that is not what you want - that you want a user that has control over a grid (View and Add/Change) to not be able to import or export to that grid.
My question is why ? If the user has access to add to the grid - why have an issue over what method they use to place data into the grid - whether its key-punched or imported from a spreadsheet ? The import function works extremely well for repetitive data entry - why take that ability away from the user ?
Then again - what about export ? So the user can VIEW the grid - and run a screenprint if necessary - but not export it to a spreadsheet for analysis ? Why would you take that ability away from them, the user would only then resort to a more inaccurate method such as re-typing the data into a spreadsheet manually.
If you are running on Citrix, you can always secure Excel/Word on that machine - which in effect would stop the import/export completely on that machine - but the grid export/import functionality is a part of the foundation code, and is likely not easily secured.
I just don't like seeing some of the core functionality of OneWorld being taken away - I personally encourage the use of that type of functionality since it differentiates OneWorld from most other ERP solutions.