It is not uncommon for organizations to provide applications based on roles. For example, users in finance may get one set of applications, and users within HR may get another set of applications.
Another scenario that is common is controlling installs and uninstalls via security groups in Active Directory. A lot has been written about the best way to populate collections. If a specific method fits your organization, then use it; you will end up with the same results.
This method of controlling applications uses a combination of inventory and security groups in Active Directory. The basic principle behind this is as follows:
Add the user to the Active Directory security group
Collection members install based on a query looking for where the software is not installed and the user is a member of the security group
Collection uninstalls based on a query looking for where the software is installed and the...