User group security: who may have access to GuiXT scripts?

Depending on their user group or role, we want to give end users access to certain scripts and not others. Can we accomplish this other than by frontend activation and deactivation. Is it possible via the SAP backend?

Scripts can be based on user role:
Either via the "User catalog", where you can assign different script directories for different roles;
or you can use the same scripts for all users and disinguish the role by

if Q[Role=....]

The activation of GuiXT cannot be controlled directly from the SAP system. What you can do is to disable the "Activate GuiXT" item in sapgui menu via a registry entry, and also activate/deactive GuiXT there, so that the state is "frozen" unless the user changes the registry directly.