Modules Vs Applications

I have a large application. Many tables, but just a few are used by external groups.

3 user groups. 1 Internal, 2 External. One external group is Clients and they need

access to some info about their account. I just can’t have them access anyone else’s info or other system info.

From a security standpoint, does it make sense to split things out? The external user has access to their account

(model = Client) and (model = Itemlist). I now have an app "client" that has a model for Client and List

and my internal application "myapp" has a model based on the same tables. Is this bad form?

The external user can log in and see their account, edit a few attributes and add or delete items from their list.

I have implemented so far as 3 seperate apps, but this to me does not make sense as the models and database for

the 2 apps are the same as the main internal app.

I really want the url for the client to be… and internally our url will be

Any advice or suggestions?