The concept behind sudo is to allow users to run applications with privileges they normally would not have. So, if you want a user to have access to a command, you would put that command in the sudoers file. Then, by default, the user would not be able to run the other commands with elevated privileges.
I'm not sure how you would prevent a user from using a command with sudo.
If you specify a command with options/parameters, the associated user(s)/group(s) can only run this command with these exact parameters. If you further specify the path, only this exact command can be run.
This will allow user1 to run these two commands as they are without a password. It will not allow any other command, or running cleartool without a command line argument.
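A simplified model of how sudoers matches a command entry against an invocation, added here as an illustration and not part of the original answers. The paths, the arguments and the names `parse_cmnd` and `is_allowed` are constructed; it covers literal entries only (no wildcards) and goes beyond the answer's case by also showing a bare path and the `""` form.

```python
# Simplified model of sudoers Cmnd matching for literal specs (no wildcards).
# All paths and arguments below are constructed for illustration.

CLEARTOOL = "/opt/example/bin/cleartool"   # hypothetical install path

# Cmnd entries as they would follow "user1 ALL = NOPASSWD:" in sudoers.
CMNDS = [
    CLEARTOOL + " lsview",
    CLEARTOOL + " startview build_view",
    "/usr/bin/id",            # bare path: any arguments accepted
    '/usr/bin/whoami ""',     # "": only without arguments
]


def parse_cmnd(spec):
    """Return (path, args); args is None when any arguments are accepted."""
    path, _, rest = spec.strip().partition(" ")
    rest = rest.strip()
    if not path.startswith("/"):
        raise ValueError("sudoers commands need a fully qualified path")
    if rest == "":
        return path, None
    if rest == '""':
        return path, ""
    return path, " ".join(rest.split())


def is_allowed(cmnds, path, argv):
    """True if running `path` with `argv` matches one of the entries."""
    # sudo compares the arguments as one space-joined string.
    user_args = " ".join(argv)
    for spec in cmnds:
        spec_path, spec_args = parse_cmnd(spec)
        if spec_path != path:
            continue                      # a different binary never matches
        if spec_args is None or spec_args == user_args:
            return True
    return False


if __name__ == "__main__":
    for argv in (["lsview"], ["startview", "build_view"], [], ["lsview", "-long"]):
        print("cleartool", argv, "->", is_allowed(CMNDS, CLEARTOOL, argv))
```

On a real system, `visudo -c` checks the syntax of the sudoers file and `sudo -l -U user1` lists what the user is actually permitted to run.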