Reference: Overview of Beyond FTP
Remote script execution is distinct from remote administration. You may provide any user with access to a limited number of scripts without making them an administrative user, or even allowing them to change anything on the server. This allows clients to initiate pre-defined activities at the server, and operate scripts that have local access denied to the client user directly.
Beyond FTP executes a remote script by first checking to see whether it has access to the script file. If the user cannot open the script he wishes to run, he is not allowed to proceed. If the script file can be opened, Beyond FTP then creates an entry and places it in the script execution queue at the server.
Note: The script that actually runs is not necessarily the file that the user can open! This means that each user can be given access to a subset of the available scripts. The script names that are checked may be in a directory accessible only to a particular remote user. They need not contain any information. The file name is all that is checked. The user can be completely blind to the script that is actually running, other than the name you have provided.
The implication of this design is that the user does NOT require access to any Beyond FTP system directory. In fact, providing access to the Beyond FTP system directories allows a user to run ANY script.