SmartBox Security

The SmartBox Security node is used to define design-time authorization rules for SmartObjects that use SmartBox as their data store, and controls who may publish, update or delete SmartObject definitions that utilize the SmartBox database. This is most often used to prevent certain users or groups from creating, updating or deleting SmartObjects that use the K2 SmartBox database as the data store. For example: you may want to allow only members of the Developers group in you organization to create (publish), update or delete SmartBox-backed SmartObjects to a particular K2 environment. Other users will not be able to create SmartBox-backed SmartObjects in that environment. (To define runtime security for SmartBox-based SmartObjects, please see SmartBox Object )


The authorization model uses an optimistic approach. If no permissions are defined, any user can create, update and delete SmartBox-backed SmartObjects. As soon as a permission is defined, only those users/groups can perform the selected operations and no other users will be able to create, update or delete SmartBox-backed SmartObjects.