The suggestion is to turn the access model around from fuld viewing access to least privileged model, so per default an application owner only have access to information related to the application he/she is owner of and then make it possible to add viewing access to other relevant users.