The user classes, e.g., *USER and *SYSOPR, have practically nothing to do with the authority for those commands. They mostly have nothing to do with authority for any commands at all.
They do have some purposes though.
First, when CRTUSRPRF is run, the USRCLS() parameter value is used by the command itself to assign a set of "special authorities" for the SPCAUT() parameter. You may accept the default set or change them in any way that you are authorized to do.
Next, for system menus and system UIM panels, the USRCLS() setting is used to determine which menu options are made available or which panel elements will be displayed. If a *USER user profile goes to the MAIN system menu, some of the options will be missing. If a *SYSOPR user goes to the MAIN menu, more of the menu options will be shown.
In any case, for nearly all commands at <i>most sites</i>, it will be the *PUBLIC authority that has greatest effect. Primary exceptions will be users who have a SPCAUT() value that includes *ALLOBJ. Secondary exceptions will be users who have been granted private authority to the commands. In both primary and secondary, those can be for either the user profiles themselves or for any group profiles assigned to the user profiles.
If a user can obtain *ALLOBJ special authority, all bets are off. No *USER nor *SYSOPR user class profile should have *ALLOBJ special authority.
Without knowing the special authorities that are assigned to the particular users who you are trying to control, there's no way for us to tell you how to control them.