Hi,
Generally for restricting access to a business transaction requires the following.
1. Create Authorization keys, Tcode-BS52 (this is only required if you want to grant/permit access to some users)
2. Create the user status profile Tcode OIBS assign the object type "Equipment"
3. Define a user status that prevents business transaction "Change technical object". Assign authorization keys here if needed.
4. Assign the status profile to the equipment category.
5. Assign the authorization key to user role, authorization object B_USERSTAT, if needed.