Hi Eric,
While you can definitely limit most functions and even views of users by setting their permissions and security strings accordingly (View and Change Privileges - CA Spectrum - 10.2 to 10.2.3 - CA Technologies Documentation ), you cannot avoid a login dialog with Spectrum OneClick client. Its a JNLP app and logging in with user/password is just part of the security architecture.
What would probably be more suitable in this case is creating a limited access user account and then providing it to your users to access the Spectrum Web Client via a browser. That way, the login credentials can be cached in the browser and the Spectrum Web Client can be set as the homepage so as soon as they start the browser, it appears automatically.