If I add a regular user "John Doe" as application owner of an
application in IG 3.0 and then login as that user, click on Applications
-> <app owned by the user> I get a red banner that reads "Denying access
to /policy/risk/cfg/APPLICATION for user John Doe".

Same thing if I click on Users and select any user, I get "Denying
access to /policy/risk/cfg/USER for user John Doe"

I guess it has something to do with the "Risk Factors" tab.

From a demo perspective the red message is disturbing, what permission
should I grant the application owner to avoid that message from appearing?