You can restrict users to using any specific components and to only see specific computers with Security Roles in the Symantec Management Platform. This would include the use of pcA Solution through the Management Console.
Additionally, you can control who can authenticate to individual hosts. Only provide the credentials of the user as a caller to just the workstations they should be accessing. This can be used for pcA Solution or pcA Corporate Ed.
Lastly, if you are using Symantec Access Server as part of your pcA implementation, host computers can be grouped when docked to the Access Server. You can specify which computer groups a user can access when they connect to the Access Server. This also applies to pcA Solution and Corporate Ed.
How To Create a Custom Security Role for Remote Control
Symantec pcAnywhere Access Server Implementation Guide (See section "Setting up host groups")