The first discussion is how to use JNDI. From an attacker's point of view they will use the JNDI calls without any restrictions to cause RCE [...]
I think there is a misunderstanding here. JNDI is completely irrelevant. Even when completely removing it from the whole JVM, you can still deposit and execute arbitrary code if you have access to the relevant bits of the file system. @taromaru demonstrated it with an appender, for example. The nature of Logback's configuration file is inherently tied to executable code. Removing JNDI and JDBC does nothing to prevent this. This is a file permission issue, nothing else.