How to restrict a user from accessing a particular application?

There should be a better way to do this (maybe with AppArmor?) but you can always change the permissions of the executable. Suppose you want to disable access to nano. Their default permissions are as follows:

 ➜  ls -la /bin/nano
-rwxr-xr-x 1 root root 192008 Oct  1 15:12 /bin/nano

It can be executed by owner, group and others. To maintain only owner execution you can use

sudo chmod g-x /bin/nano
sudo chmod o-x /bin/nano

After this, if you execute it in a terminal as an ordinary user:

 ➜  nano
bash: /usr/bin/nano: Permission denied

Please note that this is not a bullet-proof solution. If the application you want to lock has other entry points they could still be accessed. For example, if you tried the same trick with Firefox:

 ➜  ls -la /usr/bin/firefox
lrwxrwxrwx 1 root root 25 Jan 17 08:26 /usr/bin/firefox -> ../lib/firefox/firefox.sh

Even if you limited access to /usr/bin/firefox, as it is just a link to /usr/lib/firefox/firefox.sh it could be still be executed by there (or using /usr/lib/firefox/firefox, which is used in the .sh file).