You can restrict anyone with strong privileges (even sys user), to select data by creating a realm "around" objects that you want to protect (it can be schema, table etc.). You just need to create a realm in dva, and as protected objects, you should select what you want to protect.
After that, you can authorize users that can use their privileges like "select any table" against protected objects. Anyone with strong privilege, but without realm authorization cannot read data.
N.B. Users with object privileges are not restricted! So anyone who has object privilege on protected objects will still be able to access that data. However, after realm is created, only realm owners will be able to grant object privileges on protected objects.
If you want to restrict users from canceling audit on specific or all objects in the database, you should create a command rule that will secure NOAUDIT command. You can choose whether you want to restrict on all objects (%) or on specific objects. Of course, you first need to create a rule set that will check which users will still be able to issue this command (for instance rule will check whether user has a role "usr_naudit". If he has, he can execute NOAUDIT).