I am trying to be proactive, and warn about and then deny the security violation happens !
while I agree with being proactive - just to add some more protection for the fat fingers syndrome
Your second objective is inconsiderate, since Your approach is not certified by the audit group
You are not in the position to deny anything, RACF reigns .
( there are gazillions of dat sets protected, and It will be difficult to keep in sync Your table with RACF )
so You should expect some violations
on the other side too many violations are just a symptom of carelessness of the users.