This really shouldn't be that difficult and maybe it's not but let me explain the situation.
We have a sharepoint 2013 application: sharepoint.mycompany.com. It is just a landing page for now- the Manager does not want any sites/subsites. On this page is a link to an Access 2013 web app that is the Customer/Orders inventory.
I have basically 2 groups of users - those who are "Contributors" - full access to Access app. The other group will be just Visitors -- allowed to see the landing page and document libraries - but NOT allowed to enter the Access app. If I give these Visitors "Read-Only" sharepoint access, they are able to get into the App. What permission level can I apply that will prevent them from launching the App?? I have checked "View Only" and "Restricted Read" but they won't let the Visitor even get to the Landing Page. I have managed to "hide" the access link to Visitors using the "target audience", but this is not enough security to keep them out.
I appreciate your guidance on this critical issue!
Regards.