Hello Alok,
Here are two approaches as we can see
1)If you dont want user to logon to CRM GUI, then deactivate (click on deactivate in logon data tab) the password on ABAP side then user wont be able to login directly from SAP
and if you are using SSO ,login/disable_password_logon.
2) If you dont want user to perform any type of transactions/activties then you need to set up Authorization objects and status profiles defined for the specific roles.
Regards,
Ravi