Samiksha,
XK03 is a display transaction and does not update any tables. The only reason I can think of removing xk03 access and giving a Z tcode will be to hide certain sensitive fields (ie bank info, tax data etc).
To achieve this either use FK03/MK03 depending on your requirements. If that does not work, you can create a transaction variant using SHD0, and turn the requisite fields invisible. You can assign this variant to your Z tcode and remove authorization to XK03.
For update transactions like XK01 and XK02, you can define sensitive fields in the vendor master. Once a user changes these fields, the vendor gets automatically blocked for payment, until a superior/manager approves the changes and unblocks the vendor for payment. The config node is:
SPRO -> Financial accounting(new) -> AR and AP -> vendor accounts->master data -> prep. for creating vendor master data -> define sensitive fields for dual control