Application Administration as a security tool

Do not use Application Administration as a security tool.

Application Administration was designed for customizing the functions available on your client PC. You should not use Application Administration for administering security on your client PC for these reasons:

• Application Administration uses the Windows^® registry to cache restrictions on the client PC. A skilled user who is restricted from a function by Application Administration could obtain access to the function by editing the registry.

• If multiple interfaces exist to the same resource, restricting a single interface through Application Administration does not restrict the other interfaces to the same resource. For example, you can restrict a user from accessing the database function of iSeries™ Navigator through Application Administration. However, the user can still access database files by using other database interfaces, such as Open Database Connectivity (ODBC) or database control language (CL) commands.

Parent topic: