App deny_permissions

What is the proper way to limit the permissions for an App via the info.yml file? Does deny_permissions work for register_commands? This code here doesn’t seem to restrict the app from launching for a Developer:

        params = {
        "title": menu_name,
        "short_name": short_name,
        "deny_permissions": ['Developer'],
        "deny_platforms": deny_platforms,

    # now register the command with the engine
    self.engine.register_command(menu_name, menu_callback, params)

I can’t find any clear documentation on restricting permissions for an App to certain permission groups.