Depends on the OS but usually you have to create a "user", make it the folder's owner and prohibit access to everyone else, which means that to access that folder the application must impersonate that user.
Very basically, the same process that allows a web server (and no one else) to access its "documents" folder.
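The approach described above, sketched for a POSIX system as an added example that is not part of the original answer: one function provisions a login-less account and a directory only it can use, and a second audits that the directory is still owned by that account with no group or other access. The account name `appsvc`, the path `/srv/appdata` and both function names are hypothetical.

```shell
#!/bin/sh
# Added example. "appsvc" and /srv/appdata are hypothetical names.

# Run once as root, e.g. provision_private_dir appsvc /srv/appdata
# Creates a login-less account and a directory only that account can use.
provision_private_dir() {
    svc_user=$1; dir=$2
    useradd --system --no-create-home --shell /usr/sbin/nologin "$svc_user" &&
    install -d -m 0700 -o "$svc_user" "$dir"
}

# check_private_dir DIR UID: succeed only if DIR is a real directory owned by
# UID with no permission bits granted to group or others.
check_private_dir() {
    dir=$1; want_uid=$2
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a plain directory"; return 1
    fi
    # "ls -ldn" prints: mode, link count, numeric uid, numeric gid, ...
    info=$(ls -ldn -- "$dir" | awk 'NR==1 {print $1, $3}')
    mode=${info% *}; uid=${info#* }
    # Characters 5-10 are the group and other bits. Capital S/T mean setgid or
    # sticky without execute, which grants no access, so treat them as "-".
    shared=$(printf '%s' "$mode" | cut -c5-10 | sed 's/[ST]/-/g')
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $dir is owned by uid $uid, expected $want_uid"; return 1
    fi
    if [ "$shared" != "------" ]; then
        echo "FAIL: $dir grants group/other access ($mode)"; return 1
    fi
    echo "OK: $dir is private to uid $want_uid ($mode)"
}

# Constructed demo on a throwaway directory owned by the current user.
demo_dir=$(mktemp -d)
chmod 700 "$demo_dir"; check_private_dir "$demo_dir" "$(id -u)"
chmod 755 "$demo_dir"; check_private_dir "$demo_dir" "$(id -u)" || true
rm -rf "$demo_dir"
```

The application then has to run as that account (started by a service manager under that user, for instance) to reach the directory; the audit function can be run periodically to catch ownership or mode drift.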