Because not all remote applications can be completely trusted, it is often a good idea to limit the privileges of the remote application. This section describes how you can accomplish this.
If you are running a trusted remote application, such as an application that you are maintaining on the same server as Teaming, then you do not need to set access controls on it.
When an application is restricted to a specific role, such as the Participant role, then the application can use Web services to perform only those tasks that are allowed for a Participant, including creating new entries, modifying entries that the user created, adding comments to entries, and so on. Participants cannot perform system administration tasks and cannot modify other users’ entries.
To limit the remote application to privileges assigned to a specific role:
Access the top workspace in the hierarchy by clicking
(this is the default name for the top workspace).In the Workspace toolbar, click
> .On the Configure Access Control page, click
.In the
field, use the Type-to-Find feature to specify and select the application that you want to add.Close the
panel by clicking the in the upper right corner.In the access control table, select the check box that is located in the row of the remote application that you just added, and the column of the role that you want to assign to the application.
Click
> .The application that you added is now restricted to those operations allowed to the role that you selected. For example, if you assigned the Participant role to the remote application, then the inheritance of workspace and folder access controls means that it is very likely that most workspaces and folders inherit this setting. Assuming that all places inherited this setting, the most powerful role the remote application can assume within the installation is that of a Participant.
If you are not sure what access control settings to assign to a particular remote application, consult with your Teaming administrator.
If your Teaming administrator has enabled multiple applications for your site, some of these applications might be grouped together in an Application Group. Application Groups are similar to groups that contain usernames. Application groups contain the names of registered applications. After a system administrator defines application groups, the workspace and folder owners can assign access-control roles to groups of applications instead of assigning roles to one application at a time.
Because workspace and folder owners can change the access control for places they own, you should communicate to your users about registered applications in the system and recommended access-control settings.
If you have a number of applications registered in the system, you should strongly consider creating application groups. Application groups are similar to groups that contain usernames. Application groups contain the names of registered applications. After a system administrator defines application groups, the workspace and folder owners can assign access-control roles to groups of applications instead of assigning roles to one application at a time.