A KDE Application can check if a certain Action is allowed. For example the action logout could be forbidden. So every time the logout action is performed, an application checks, if this action is allowed. Thus a user can still use an application, but certain actions are restricted to him.
These settings are stored in the kdeglobals file, in your KDE profile directory.
For my season of KDE project I had to compile a list of all currently used KDE Action Restrictions. I did a quick search throughout all KDE projects for the use of the KAuthorized framework and published my results in the confine repository. Although Confine is not finished yet, you might found this list beneficial, if you want to configure KIOSK restrictions manually.
Still a lot of KDE applications don’t support KDE Action Restrictions (anymore). For a revival of the whole KIOSK concept it would be highly beneficial, if more application are starting to use KDE Action Restrictions.