The only way I’m aware of assigning security to an application, using LifeTime, is to go into each application and then choose “Define Permissions for Specific User.” I think that’s fine when you have a couple of applications and one or two developers. Things can quickly go from good to bad as more users and applications are added.
Let’s assume all developers are part of the Developer role. Let’s also assume there are 20 applications and 10 developers (not so uncommon here). Of these 20 applications, 10 applications can only be referenced by 2 developers. To properly assign the needed security, the admin would have to go into these 10 applications and add exceptions for each of the other 8 developers. If this is a onetime event then this is probably no big deal.
Now let’s say we add a new developer. Now the admin has to remember to add exceptions for the new developer to these 10 applications. What if the admin forgets to do this? It can cause some serious audit issues.
So my idea is: Why can’t we have permissions like we have when adding Database Connections? Instead you identify the developers who have permissions to the application and leave it at that. This way, if you add a new developer, or application, security isn’t violated because somebody forgot to remove the user’s access. Any eSpace and/or extensions I add to the application are only visible to the individuals with permissions to the application. I think this would make application permissions much easier to manage.