Well STRQM is just an object so exclude authority to the command.
Enter wrkobj strqm then select option 5 to see the current authority.
Press F12 to back out then select option 2 to Edit authority.
Change Public to *EXCLUDE.
Note from the Edit Object Authority screen you can also press F6 to add individual users to use the command if you have any exceptions.
Also, note STRQM menu option 10, Work with Query Manager profiles. This brings up a list of profiles that you can set for particular options. In particular, review option 2=Change for any profile.
Examine the elements that you can alter. Scroll to the end and check out ‘Select allowed SQL statements’ for Yes or No. This allows you to control which SQL statements may (or may not) be run by any of the profiles that you are authorized to.
You might want some profiles to have access to STRQM but only for SELECT statements — restricting UPDATE, DELETE, etc.