EnableAppRestrictions

Boolean

false

Purpose

When the EnableAppRestrictions parameter is set to false (the default value), all applications can be executed from any presentation client attached to that application server. However, as this can potentially allow users to run applications that may not be in the best interests of your site, if the application was initiated by logic from another application, the application is allowed to run.

Your organization can write your own applications that then initiate protected applications. Each application can then enforce its own getAndValidateUser sign‑on security before initiating the protected application. This EnableAppRestrictions mechanism enables you to prevent thin client users from directly executing a protected application.

Any application can be initiated from the JADE development environment unless prevented from doing so by the JADE development environment security mechanisms.

Set the EnableAppRestrictions parameter to true to specify that only the schemas and optional applications specified in the AllowSchemaAndApp<n> parameters can be executed from presentation clients attached to the application server. If the application is initiated by logic from another application, the application is allowed to run.

For details about specifying a connection timeout period for a specific schema and optional application when this parameter is set to true, see the ConnectionTimeout parameter, earlier in this section.

When the EnableAppRestrictions parameter is set to true and the application being started is not a permitted application defined in the JADE initialization file, the following message is displayed when attempting to start the application from the JADE development environment.

Application app‑name cannot be started from the connected application server

In this message, the app‑name value is the name of the application that is required to run.

To avoid unexpected presentation client rejections, all application servers that are balancing presentation client connections within the same group must use the same value for the EnableAppRestrictions and AllowSchemaAndApp parameters.

The following EnableAppRestrictions and EnableRootSchemaAppRestrictions parameter combinations apply to the initial application initiated by a user. ('Child' applications initiated by that application are always allowed to run.)

EnableAppRestrictions EnableRootSchemaAppRestrictions Thin client user...
false false No restrictions on the applications that can be executed.
false true Cannot execute any RootSchema application but can run any other application.
true true

Can execute only applications specified using AllowSchemaAndApp<n> = <schema>,<application> parameters.

Including AllowSchemaAndApp<n> = JadeSchema,Jade or = JadeSchema does not grant the ability to execute RootSchema applications.

Any RootSchema applications that are allowed must have their own AllowSchemaAndApp<n> parameters.

true false

Can execute only applications specified using AllowSchemaAndApp<n> = <schema>,<application> parameters.

Including AllowSchemaAndApp<n> = JadeSchema,Jade or = JadeSchema grants the ability to execute RootSchema applications.

Parameter is read when …

The application server node is next initialized; for example, when you restart the application server.

To avoid unexpected presentation client rejections, all application servers that are balancing presentation client connections within the same group must use the same value for the EnableAppRestrictions and AllowSchemaAndApp parameters.