This is an example how to use PIM to prevent execution of a program once its binary file was modified for whatever reason.
This you would accomplish using the PROGRAM class, e.g.
AC> er program /opt/CA/AccessControl/bin/sesu audit(all) defaccess(none) owner(nobody)
and you want to allow only certain users to execute the binary
AC> authorize program /opt/CA/AccessControl/bin/sesu uid(tester) access(execute)