This wiki page covers how to manage and restrict Application Designer security through permission lists.
The first thing to do is identify all permission lists that provide access to the APPLICATION_DESIGNER menu using the following query:
select distinct CLASSID from PSAUTHITEM where MENUNAME = 'APPLICATION_DESIGNER'
Then, for each permission list, you will need to go into the permission list and modify the PeopleTools security. The navigation is:
PeopleTools > Security > Permissions & Roles > Permission Lists. You may also want to repeat this to remove definition security by searching for all permission lists with access to the OBJECT_SECURITY menu.
There are two options here:
- Untick Application Designer Access - this takes away all access
- Go through definition/tools/miscellaneous permissions and change them to an appropriate value
Generally people need application designer access but shouldn't be able to change anything, so the second options is what is needed. Select each of the hyperlinks:
- Definition permissions
- Tools permissions
- Miscellaneous permissions
And systematically modify the access as required. You can use the buttons to grant Full/Read Only/No access but double check the result as some changes may not (i.e, there are items that can only have full or no access, not read only).
Make sure you do this for all permission lists otherwise it will not work.
See the following forum post for more information about how to determine if a user has access to application designer.