What are the guidelines for designed client access to internal resource?