HTML5 application deployed in a neo subaccount is accessible for any user who have access to BTP. They don't need to be part of same global account, subaccount or any relation at all.
One of the way to restrict is using application permissions. But this will introduce lot of maintenance. Every time there is a new user, that needs to be updated in BTP. This solution is not feasible in our case.
Basically we need to deploy a HTML5 application which should be accessible only for people who are part of same account. We don't ant to introduce new roles and permissions. Is there any way to handle these kind scenarios? I always assumed this is how it was by default but now realized that I am wrong.
I am hoping there will be something in neo-app.json which would help us to do this. Any help on this topic is appreciated. Thanks.