# Controlled Tool Access (allowed executables)

The **Controlled Tool Access** feature allows a project admin to specify a controlled list of tools at the project level that limits what can be run by users in that project. This benefits customers who have clinical GxP requirements and want a locked-down workflow experience.

To enable this feature a project admin needs to specific a list of tool IDs in the command line using the following syntax:

```shell
dx api project-xxx update '{"allowedExecutables":["app-yyy","app-zzz"]}'
```

You can find the app and workflows IDs by running:

```shell
dx describe appname
```

To update the list, you must re-enter the entire list.

To view the list of allowed executables in a project use:

```shell
dx describe project-id
```