It seems that quite a few applications (e.g. dialing from Outlook) are written using the Manager API. So the user on the Windows box gets almost full rights to Asterisk.
As an example, the person’s phone could be in a context allowing only national calls, and no 0900, and the same person could dial these calls from Asterisk.
I could imagine a solution which specifies available contexts, or maybe the associated phone, to restrict access rights.
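The restriction suggested above (allowed contexts plus the associated phone), sketched as a default-deny check that a proxy in front of the manager port could apply to each action. This is an added example, not part of the original post and not Asterisk code; the manager user, channel and context names are constructed.

```python
# Constructed policy (hypothetical names): manager user -> own phone + allowed contexts.
POLICY = {"outlook-alice": {"channel": "SIP/alice", "contexts": {"national"}}}
ALLOWED_ACTIONS = {"ping", "logoff", "originate"}  # all a click-to-dial client needs

# Constructed sample: a 0900 call placed through a context the phone itself cannot use.
SAMPLE = ("Action: Originate\r\nChannel: SIP/alice\r\nContext: unrestricted\r\n"
          "Exten: 0900123456\r\nPriority: 1\r\n\r\n")


def parse_action(raw):
    """Parse one manager message ("Key: Value" lines) into a dict with lower-case keys."""
    fields = {}
    for line in raw.replace("\r\n", "\n").split("\n"):
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        # Refuse malformed or repeated headers so the filter and Asterisk
        # cannot disagree about which value counts.
        if not sep or not key or key in fields:
            raise ValueError("malformed or duplicate header: %r" % line)
        fields[key] = value.strip()
    return fields


def check_action(user, raw):
    """Return (allowed, reason) for one action from an authenticated manager user."""
    policy = POLICY.get(user)
    if policy is None:
        return False, "unknown manager user"
    try:
        fields = parse_action(raw)
    except ValueError as exc:
        return False, str(exc)
    action = fields.get("action", "").lower()
    if action not in ALLOWED_ACTIONS:
        return False, "action not permitted"
    if action != "originate":
        return True, "ok"
    if fields.get("channel") != policy["channel"]:
        return False, "channel is not the user's phone"
    # Only context/exten originates can be checked against the policy;
    # anything else (for example an Application originate) is refused.
    if "application" in fields or "context" not in fields or "exten" not in fields:
        return False, "originate must use context and exten only"
    if fields["context"] not in policy["contexts"]:
        return False, "context not allowed: " + fields["context"]
    return True, "ok"
```
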