You would be correct. If you’re using the register command native, you can switch the final parameter to
true so only players can run it.
I imagine the CFG file would look something like this:
add_ace group.limited command deny # deny all commands
add_ace group.limited command.fix allow # only allow them access to /fix
add_principal identifier.ip:127.0.0.1 group.limited # add them to the "limited" group
Note: Haven’t tested it or anything but, I imagine it would work. I think @Briglair tried doing something like this and I’m not sure if he got it working.