i think this would meet most requirement except if i add add a user as banned to the app, they are banned from all api that app has access to