EnableRootSchemaAppRestrictions
Boolean
true
Purpose
When the EnableRootSchemaAppRestrictions parameter is set to true (the default value), in conjunction with the EnableAppRestrictions parameter set to false (the default value), a user cannot execute RootSchema applications from a presentation client attached to that application server but can run any other application. However, as this can potentially allow users to run applications that may not be in the best interests of your site, if the application was initiated by logic from another application, the application is allowed to run. (The EnableAppRestrictions mechanism enables you to prevent thin client users from directly executing a protected application.)
Your organization can write your own applications that then initiate protected applications. Each application can then enforce its own getAndValidateUser sign‑on security before initiating the protected application.
Any application can be initiated from the Jade Platform development environment unless prevented from doing so by the Jade Platform development environment security mechanisms.
When the EnableAppRestrictions parameter is set to true and the application being started is not a permitted application defined in the Jade initialization file, the following message is displayed when attempting to start the application from the Jade Platform development environment.
Application app‑name cannot be started from the connected application server
In this message, the app‑name value is the name of the application that is required to run.
To avoid unexpected presentation client rejections, all application servers that are balancing presentation client connections within the same group must use the same value for the EnableAppRestrictions and AllowSchemaAndApp parameters.
The following EnableAppRestrictions and EnableRootSchemaAppRestrictions parameter combinations apply to the initial application initiated by a user. ('Child' applications initiated by that application are always allowed to run.)
EnableAppRestrictions | EnableRootSchemaAppRestrictions | Thin client user... |
---|---|---|
false | false | No restrictions on the applications that can be executed. |
false | true | Cannot execute any RootSchema application but can run any other application. |
true | true |
Can execute only applications specified using AllowSchemaAndApp<n> = <schema>,<application> parameters. Including AllowSchemaAndApp<n> = JadeSchema,Jade or = JadeSchema does not grant the ability to execute RootSchema applications. Any RootSchema applications that are allowed must have their own AllowSchemaAndApp<n> parameters. |
true | false |
Can execute only applications specified using AllowSchemaAndApp<n> = <schema>,<application> parameters. Including AllowSchemaAndApp<n> = JadeSchema,Jade or = JadeSchema grants the ability to execute RootSchema applications. |
The default value of the EnableRootSchemaAppRestrictions parameter is true, which means that RootSchema applications cannot be executed by default unless they are initiated by another application such as the Jade Platform development environment.
Parameter is read when …
The application server node is next initialized; for example, when you restart the application server.
2016.0.03 (Service Pack 2) and higher