You can do this in following ways:
If using SBE server:
First Way: Remove user's access to the application folder in windows, ie restrict user at window level so that it does't have permission to access mounted forder of particular application.
Second Way: Use Section Access, Just add permitted user in basic windows NT authentication in section access.
If you are using EE, you can use DMS mode, in authorisation only add permitted user.