EnableRootSchemaAppRestrictions

Boolean

true

Purpose

When the EnableRootSchemaAppRestrictions parameter is set to true (the default value), in conjunction with the EnableAppRestrictions parameter set to false (the default value), a user cannot execute RootSchema applications from a presentation client attached to that application server but can run any other application. However, as this can potentially allow users to run applications that may not be in the best interests of your site, if the application was initiated by logic from another application, the application is allowed to run. (The EnableAppRestrictions mechanism enables you to prevent thin client users from directly executing a protected application.)

Your organization can write your own applications that then initiate protected applications. Each application can then enforce its own getAndValidateUser sign‑on security before initiating the protected application.

Any application can be initiated from the JADE development environment unless prevented from doing so by the JADE development environment security mechanisms.

When the EnableAppRestrictions parameter is set to true and the application being started is not a permitted application defined in the JADE initialization file, the following message is displayed when attempting to start the application from the JADE development environment.

Application app‑name cannot be started from the connected application server

In this message, the app‑name value is the name of the application that is required to run.

To avoid unexpected presentation client rejections, all application servers that are balancing presentation client connections within the same group must use the same value for the EnableAppRestrictions and AllowSchemaAndApp parameters.

The following EnableAppRestrictions and EnableRootSchemaAppRestrictions parameter combinations apply to the initial application initiated by a user. ('Child' applications initiated by that application are always allowed to run.)

EnableAppRestrictions EnableRootSchemaAppRestrictions Thin client user...
false false No restrictions on the applications that can be executed.
false true Cannot execute any RootSchema application but can run any other application.
true true

Can execute only applications specified using AllowSchemaAndApp<n> = <schema>,<application> parameters.

Including AllowSchemaAndApp<n> = JadeSchema,Jade or = JadeSchema does not grant the ability to execute RootSchema applications.

Any RootSchema applications that are allowed must have their own AllowSchemaAndApp<n> parameters.

true false

Can execute only applications specified using AllowSchemaAndApp<n> = <schema>,<application> parameters.

Including AllowSchemaAndApp<n> = JadeSchema,Jade or = JadeSchema grants the ability to execute RootSchema applications.

The default value of the EnableRootSchemaAppRestrictions parameter is true, which means that RootSchema applications cannot be executed by default unless they are initiated by another application such as the JADE development environment.

Parameter is read when …

The application server node is next initialized; for example, when you restart the application server.

2016.0.03 (Service Pack 2) and higher