If the client calls CoInitializeSecurity(), the security values for authentication and authorization for the process are set. If a fine-grain security control is required on the calls to individual interfaces, the client can achieve this by invoking security functions on each of the interface proxies. The main security interface to achieve this on the client side is IClientSecurity. You can obtain it by doing a QueryInterface() on an interface from the remote object for IID_IClientSecurity. In reality, since every remote object method invocation goes through a proxy managed by a proxy manager (who actually aggregates the proxy object), the proxy manager will intercept and provide this interface.
Once the IClientSecurity interface is obtained, the client can change the security blanket for this single proxy instance by first using the IClientSecurity::CopyProxy() method to create a new instance of the proxy, and then using the IClientSecurity::SetBlanket() method of the interface to alter the blanket. It's important to make a copy of the proxy before setting its security blanket to avoid contention with other portions of the process that may be setting the security blanket to other values.
There are wrapper functions available which call the IClientSecurity methods, these include CoSetProxyBlanket(), CoQueryProxyBlanket(), and CoCopyProxy().
Clients can call CoQueryProxyBlanket() to inquire about the existing security blanket on a proxy, CoSetProxyBlanket() to set a new security blanket on a proxy, and CoCopyProxy() to obtain a proxy copy on which a security blanket can be set without contention.