This is easily implemented with user groups. Make a user group for each application. Then make the executable file for that application owned by the root user account and the application's group. Then make the application's group permissions x or rx. If someone is allowed to use this application then give that user membership in the application's group.
For example, let's say that we want to restrict access to firefox. We want user01 to be able to use firefox. We don't want user02 to be able to use firefox. You need to be logged on as root to do these commands.
First, make a user group for firefox.
Now find the firefox executable and make it owned by the root account and the firefox group. Let's say that firefox is installed in /opt/firefox and the firefox executable is /opt/firefox/firefox.
Code:
chown root:firefox /opt/firefox/firefox
Now you make firefox executable for the firefox group and not for others.
Code:
chmod -c u+rx,g+rx,o-rwx /opt/firefox/firefox
Now give user01 membership in the firefox group. First we have to find out what groups user01 already belongs to so that we can copy them back when we issue the usermod command.
Code:
groups user01
users disk
usermod -G disk,firefox user01
groups user01
users disk firefox
Now that user01 is a member of the firefox group it will be able to execute the firefox executable. Since user02 does not belong to the firefox group user02 will not be able to execute firefox.
In general, when you have a resource that you want to give access for some accounts and not others you can create a user group for that resource and then add or remove membership in that group to control access.