Restricting the Use of APP Commands

How to:

Server administrators can restrict the ability of other classes of users to change the APP environment. This setting is configurable for Application Administrators and Basic Users.

When this restriction is set, all user interfaces affected by this server setting, such as the Reporting Server browser interface, the Data Migrator desktop interface, and Managed Reporting, display only applications that are in the effective application search path, instead of displaying all applications defined by the server approot setting. In addition, the use of certain APP commands that users might otherwise issue to bypass the intended controls is restricted.

To ensure full administrative capabilities, the restriction is dynamically switched off when a user who has server administration rights logs on from client software or to the Reporting Server browser interface.

This capability is supported with all security settings.

Procedure: How to Restrict the Use of APP Commands

The server administrator can restrict the use of APP commands by other users.

  1. Go to the Access Control page.
  2. Expand the Roles folder for Application Administrator or Basic user.
  3. Right-click a user or group and click General Privileges.

    The General Privileges page opens.

  4. By default, the APATH privilege, Change Own Application Path (No applock) is selected. Deselect this check box to restrict the current user or group ability to use the APP commands listed below.
  5. Click Save to confirm the setting.

Once modification of the application path is blocked, use of the following APP commands is restricted for the designated user or group:

  • The following commands generate an error message:
    • APP CREATE
    • APP DELETE
    • APP RENAME
  • Although no error message is explicitly generated, the following commands are restricted if they reference an application outside of the current application path:
    • APP APPENDPATH
    • APP HOLD
    • APP HOLDDATA
    • APP HOLDMETA
    • APP MAP
    • APP PATH
    • APP PREPENDPATH
    • APP COPY
    • APP COPYF[ILE]
    • APP DELETEF[ILE]
    • APP MOVEF[ILE]
    • APP RENAMEF[ILE]