David,
The basic controls are the same as at TCL:
- User rights and access permissions for the credentials used at the O.S level
- Remote Verbs - aka Security Subroutines - it is possible to limit use of any TCL command or catalogued program according to locally-defined rules.
- File triggers - it is possible to block the ability to write to file using locally-defined rules in a before-write trigger. It is even possible to log the very attempt to write as an attempted security violation.
Security Subroutines and triggers can do anything a BASIC developer can create.
I would look at a combination of triggers and security subroutines for the use-case outlined. Hopefully this helps.
Regards
John Jenkins
(ex-Rocketeer [freshly retired] )