I'll try to explain.
There is the psft domain where for example using a browser I can login with user VP1.
I'm working on a product that interacts with psft application server, user name is one of the mandatory fields required by my application to be able to login to the psft app server.
I have a customer that has created a user to use with my application, however, he doesn't want that this user will be able to login to the domain using his browser.
My question is how, for example, I can prevent user VP1 from logging in to the domain using a browser?
Oh, you want a user capable to start AppServer only, nothing else, right ?
You could create a new user with the following roles :
1. AppServer Administrator
All of them have name clear enough to understand what they are, and should already exist by default. Choose the one(s) you need.