First, the answer depends on your definition of "server". If you're talking about uploading files to a server, you probably mean a physical location to store data that SAS can access. Restricting that would typically happen at the operating system level: users would be granted/denied "write" access to that physical location in Windows, UNIX, or z/OS.
If you're talking about SAS Enterprise Guide, there is some ability through the roles feature to limit functionality that would make it easy to move data around. You can restrict "Open Data from Local Computer" and restrict the "Upload Files to Server" capabilities. You can also control through metadata security whether the user can write to libraries defined in the metadata. These measures should be used in addition to, not instead of, the OS security mentioned above.