How to retrict access for the app published in Cloud Foundry

In the NEO, i can manage groups and grant access as i want.

I am trying to do this in the Cloud Foundry...

I want to define access for a specific puser or suser.

Someone can tell me how can i do this?

in Trust Configuration? Roles? Manifest.yml?

I created one service application, and everyone with one suser or puser have access to it .