Appian Community
Site
Search
Sign In/Register
Site
Search
User
DISCUSS
LEARN
SUCCESS
SUPPORT
Documentation
AppMarket
More
Cancel
I'm looking for ...
State
Not Answered
Replies
13 replies
Subscribers
9 subscribers
Views
3664 views
Users
0 members are here
Share
More
Cancel
Related Discussions
Home
»
Discussions
»
Administration
How can we easily remove the Designer portal for production system hardening? T
William
over 11 years ago
How can we easily remove the Designer portal for production system hardening? This is an audit requirement that the Designer portal should be "switched-off" by default. When there is a need to perform those Administration tasks like Application import etc, the system administrator can reactivate it or restore it back....
OriginalPostID-69338
OriginalPostID-69338
Discussion posts and replies are publicly visible
Parents
0
Eduardo Fuentes
Appian Employee
over 11 years ago
You could "disable" it at the web server level, for instance, in Apache you would be created a rewrite rule to prevent users from accessing requests of type /designer.
Another option would be a servlet filter plug-in. I actually have one that I created for a different requirement but that can work for yours as well:
forum.appian.com/.../84700
The way it works is:
1. You create a group, let's say "Custom Designers Group" (this name can be any name)
2. You need to have a constant called CUSTOM_DESIGNERS_GROUP (the constant has to match this exact name per the servlet filter's code) that will point to the group from step #1
3. You deploy the servlet filter plug-in
4. Only the "Administrator" account and members of "Custom Designers Group" will have access to /suite/designer/*. The main difference with the Designers group is that even if the account is a system administrator or part of the Designers group, if his username is not the word "Administrator" or he doesn't belong to "Custom Designers Group" then he will have no access to /suite/designer.
5. If a user needs to access the Designer portal then you can login using the "Administrator" username and add him/her to this custom group or simply uninstall the plug-in.
The JAR comes with the source code so you can modify it and adjust it to your needs.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
Reply
0
Eduardo Fuentes
Appian Employee
over 11 years ago
You could "disable" it at the web server level, for instance, in Apache you would be created a rewrite rule to prevent users from accessing requests of type /designer.
Another option would be a servlet filter plug-in. I actually have one that I created for a different requirement but that can work for yours as well:
forum.appian.com/.../84700
The way it works is:
1. You create a group, let's say "Custom Designers Group" (this name can be any name)
2. You need to have a constant called CUSTOM_DESIGNERS_GROUP (the constant has to match this exact name per the servlet filter's code) that will point to the group from step #1
3. You deploy the servlet filter plug-in
4. Only the "Administrator" account and members of "Custom Designers Group" will have access to /suite/designer/*. The main difference with the Designers group is that even if the account is a system administrator or part of the Designers group, if his username is not the word "Administrator" or he doesn't belong to "Custom Designers Group" then he will have no access to /suite/designer.
5. If a user needs to access the Designer portal then you can login using the "Administrator" username and add him/her to this custom group or simply uninstall the plug-in.
The JAR comes with the source code so you can modify it and adjust it to your needs.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
Children
No Data