Currently the Apollo security model of user / group dows not apply to data download capabilities.
That is either the dataset is downloadable or not.
our customers need tighter control over data download capability for users/group access.
a user or a group can have view capabilities but may not have download capabilities.
Security needs to be updated to control services access to user/group
This has been a very old long running demand, even in previous ideation and much before.
The APOLLO 2020 release included implementation of a new security role to give more control over download and CZS. The new role is esp_clip_zip_ship. See APOLLO 2020 Adminsitration Guide and APOLLO 2020 Data Manager Help for more info.