12.4 Managing Access Controls for Remote Applications

Because not all remote applications can be completely trusted, it is often a good idea to limit the privileges of the remote application. This section describes how you can accomplish this.

If you are running a trusted remote application, such as an application that you are maintaining on the same server as Teaming, then you do not need to set access controls on it.

When an application is restricted to a specific role, the application can use Web services to perform only those tasks that are allowed for that role. For example, the Participant role can create new entries, modify entries that the user created, add comments to entries, and so on. Participants cannot perform system administration tasks and cannot modify other users’ entries.

To limit the remote application to privileges assigned to a specific role:

  1. Access the top workspace in the hierarchy by clicking Home Workspace (this is the default name for the top workspace).

  2. In the Workspace toolbar, click Manage > Access Control.

  3. On the Configure Access Control page, click Add an Application.

     [Figure: Clicking Add an Application]

  4. In the Add an Application field, use type-to-find to specify and select the application that you want to add.

  5. Close the Add an Application panel by clicking the X in the upper right corner.

  6. In the access control table, select the check box that is located in the row of the remote application that you just added, and the column of the role that you want to assign to the application.

     [Figure: Selecting the Participant check box for the application]

  7. Click Save Changes > Close.

The application that you added is now restricted to those operations allowed for the role that you selected. For example, if you assigned the Participant role to the remote application, then because workspaces and folders inherit access controls from their parent, it is very likely that most workspaces and folders inherit this setting. Assuming that all places inherited this setting, the most powerful role the remote application can assume within the installation is that of a Participant.

If you are not sure what access control settings to assign to a particular remote application, consult with your Teaming administrator.

If your Teaming administrator has enabled multiple applications for your site, some of these applications might be grouped together in an application group. Application groups are similar to groups that contain usernames, but they contain the names of registered applications. After a system administrator defines application groups, the workspace and folder owners can assign access-control roles to groups of applications instead of assigning roles to one application at a time.

Because workspace and folder owners can change the access control for places they own, you should inform your users about the registered applications in the system and the recommended access-control settings.
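
The role limit set at the top workspace holds only where places still inherit it, and owners can override it in places they own. The following sketch is an added example, not Teaming code or a Teaming API: it walks a constructed workspace tree and reports every place where an application ends up with more than the intended role. The application name ReportApp, the tree, the role names other than Participant, and the role ranking are all assumptions.

```python
# Added illustration: a constructed model, not Teaming's data model or API.
from dataclasses import dataclass, field

# Assumed role ordering, least to most powerful. Only "Participant" is named
# on this page; the other names and all ranks are assumptions.
ROLE_RANK = {"Visitor": 0, "Participant": 1, "Team Member": 2,
             "Workspace and Folder Administrator": 3}

@dataclass
class Place:
    name: str
    inherits: bool = True                          # use the parent's access control table
    app_roles: dict = field(default_factory=dict)  # app -> roles; read only when not inheriting
    children: list = field(default_factory=list)

def audit(root, app, ceiling):
    """Return (path, roles, source) for every place where `app` exceeds `ceiling`."""
    limit = ROLE_RANK[ceiling]
    findings = []

    def walk(place, parent_roles, path):
        path = f"{path}/{place.name}"
        local = not place.inherits
        roles = place.app_roles.get(app, set()) if local else parent_roles
        # Unknown role names rank above everything, so they are always reported.
        over = sorted(r for r in roles if ROLE_RANK.get(r, len(ROLE_RANK)) > limit)
        if over:
            findings.append((path, over, "local" if local else "inherited"))
        for child in place.children:
            walk(child, roles, path)

    walk(root, set(), "")
    return findings

def sample_tree():
    """Constructed hierarchy: one folder owner has overridden the inherited setting."""
    archive = Place("Archive")                                   # inherits from Releases
    releases = Place("Releases", inherits=False, children=[archive],
                     app_roles={"ReportApp": {"Workspace and Folder Administrator"}})
    engineering = Place("Engineering", children=[releases])      # inherits from the top
    hr = Place("HR", inherits=False)                             # local table, app not listed
    return Place("Home Workspace", inherits=False, children=[engineering, hr],
                 app_roles={"ReportApp": {"Participant"}})

if __name__ == "__main__":
    for path, roles, source in audit(sample_tree(), "ReportApp", "Participant"):
        print(f"{path}: {', '.join(roles)} ({source})")
```

A "local" finding marks the place where the override was made; "inherited" findings are the places beneath it that picked up the same setting.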