12.4 Managing Access Controls for Remote Applications

Because not all remote applications can be completely trusted, it is often a good idea to limit the privileges of the remote application. Because Novell Vibe administrators are responsible for creating and enabling the remote application for the Vibe site, they are also responsible for setting up access controls on the remote application.

Before you modify the access control settings of remote applications for a specific workspace or folder, you should consult with your Vibe administrator to ensure that what you plan to do is safe.

When an application is restricted to a specific role, the application can use Web services to perform only those tasks that are allowed for that role. For example, the Participant role can create new entries, modify entries that the user created, add comments to entries, and so on. Participants cannot perform system administration tasks and cannot modify other users’ entries.

To limit the remote application to privileges assigned to a specific role:

  1. Navigate to the folder or workspace where you want to set the access control settings on the remote application.

  2. Click Workspace > Access Control or Folder > Access Control.

  3. On the Configure Access Control page, click Add an Application.

    Clicking Add an Application
  4. In the Add an Application field, use type-to-find functionality to specify and select the application that you want to add.

  5. Close the Add an Application panel by clicking the X in the upper right corner.

  6. In the access control table, select the check box that is located in the row of the remote application that you just added, and the column of the role that you want to assign to the application.

    Selecting the Participant check box for the application
  7. Click Save Changes > Close.

The application that you added is now restricted to those operations allowed for the role that you selected. For example, if you assigned the Participant role to the remote application, then the inheritance of workspace and folder access controls means that it is very likely that most workspaces and folders inherit this setting. Assuming that all places inherited this setting, the most powerful role the remote application can assume within the installation is that of a Participant.

If you are not sure what access control settings to assign to a particular remote application, consult with your Vibe administrator.

If your Vibe administrator has enabled multiple applications for your site, some of these applications might be grouped together in an Application Group. Application Groups are similar to groups that contain usernames. Application groups contain the names of registered applications. After your Vibe administrator defines application groups, you as a workspace and folder owner can assign access-control roles to groups of applications instead of assigning roles to one application at a time.