You need to restrict or remove access to the debugger in the SAP roles.
The S_DEVELOP authrisation object controls access to the debugger.
You can locate the roles that contain the S_DEVELOP authorisation object using the SUIM report "Roles by Authorisation Values".
You should edit all user assigned roles that contain S_DEVELOP and ensure that it is set to include a range of values for field "Object Type", that excludes the DEBUG value:
4 to DE
DEVC to Z
Z to $TM
i.e. missing out DEBUG.
NOTE: The above is based on SAP R/3 4.7.
This will prevent access to the debugger.