currently the client security settings matches the security settings for collections. IMHO it would make more sense if I could define for each application, which user role is required to access it.
Just took a look at the Client Security Policy page, and it does seem a little confusing.
Could you raise a JIRA as to what you would like to see?
Retrieving data ...