Frequently Asked Question
Every customer has their own security policies and Plato is rarely asked about privs. However, in general:
Sysop personnel responsible for installing and maintaining Plato applications would require Full Control over application folders and contents.
A user allowed to run a Plato application needs these privs:
1) EXE, DLL and FLL files: Read and Execute
2) .INI files: Read (unless the user needs privs to update the .INI file)
3) .PAF files: Read (unless the user needs privs to update licenses)
4) .DBF/.FPT/.CDX files: Read, unless the user has privs to update lookups or other resources.
5) Destination Folders to write files: full CRUD access
Often customers will create two AD groups along the lines of Plato_Admin and Plato_user to allow different access rights to applications. As an example, plato.exe or reports.exe might only be accessible by Supervisors, not general users. But even if a user does have access to an application they should not, Plato applications have internal usage permissions so that the application simply will not run for an unauthorized user.
Database Access
All database access is by connection string. Plato does not need to know the connection string or advise customers to alter their standard database policies: any functional connection string should work. The FAQ contains latest advisories about connection strings and Database setup.
Writing Files / SMB
Some applications need to save free files to disk. The running user need full read/write/modify rights to the destination location. Unless all users need to inspect the files, access can be limited to Supervisors, authorized users or users for Scheduled apps.
SMB is unlikely to be an issue unless caching occurs but privileges are incorrect, in which case puzzling error messages may result.
Logging
If logging is enabled, Plato does not raise errors if the log file cannot be created because this has caused interfaces to fail for extended periods in the past. Instead, if the specified destination allows it then log files will be created.
The exception is files created by a user (such as a saved spreadsheet) or a submission file for a national dataset or interface engine. If these files cannot be created, an error is thrown.