Data Access
The Data Access tab allows you, as a member of the Security Administrators role, to create a policy and apply Full, Limited, or both Full and Limited data access on SmartBox SmartObjects in your environment. You can also include associated SmartBox SmartObjects to your policy with the Include SmartBox Objects option. Data Access allows you to control which users, groups and roles can view SmartBox SmartObjects data at runtime. For more information see the SmartBox Data Access Overview topic.
Data Access Type | Description |
---|---|
Full Data Access | Allows you to specify users, roles and groups to have full access on the SmartBox SmartObject. See the Understanding Full Data Access topic for more information. |
Limited Data Access | Allows you to specify users, roles and groups to have limited read access on the SmartBox SmartObject based on its own properties or associations with another SmartBox SmartObject. See the Understanding Limited Data Access topic for more information. |
Included SmartBox Objects | Allows you to extend your Data Access policy to associated SmartBox SmartObjects. See the Understanding Included SmartBox Objects topic for more information. |
Follow these steps to add a SmartBox Data Access Policy:
- Select a SmartBox SmartObject from the Categories node and click the Data Access tab.
- On the Data Access page, click Create Policy.
- On the Data Access page, specify Full, Limited or Full and Limited data access, or extend your policy to child associated SmartBox Objects using the Included SmartBox Objects option.
Add Full Data Access
Follow these steps to add Full Data Access to your policy:
- On the Full Data Access page, click Add.
By default the Everyone and Package and Deployment roles are added in the Full Data Access section.
- On the Add Users, Groups, And Roles page, search and add a user, group or role. Click OK.
- The user, group or role now has Full Data Access on the SmartBox SmartObject.
- Enable the policy by clicking Enable Policy.
Add Limited Data Access
Follow these steps to add Limited Data Access to your policy:
You can only create a Limited Access policy on your SmartBox SmartObject using data in your SmartBox SmartObject, or data in an associated parent SmartBox SmartObject using a Many to One relationship. You can Include child SmartBox SmartObjects with either a One to One association or a One to Many association from the SmartBox SmartObject on which you have created the policy. You cannot use SmartBox SmartObjects associated via Many to Many associations, or SmartBox SmartObjects that have multiple Key properties.- On the Limited Data Access page, you have three options.
- None: No item-level security.
- This SmartBox object:[SmartBox Object]: Select this option to restrict access to data in the current SmartBox SmartObject.
- Another SmartBox object: [Set]: Select this option to populate a list of associated SmartBox SmartObjects.
- For the purpose of the example, use the This SmartBox object:[SmartBox Object option on the Country SmartBox SmartObject and the Name property as the display property.
- On the Limited Access page, the properties and data are displayed
You can specify two display properties of the returned SmartObject by clicking the Display Properties... option.
Specify a Title and Description and click OK.
- You can add users, groups and roles to your SmartBox Object properties on two views, the By Item view or the By Role view. For the purpose of this example, add users on the By Item view. Specify a user, group or role to give access to the SmartObject property and value at runtime. Click the Add User link.
- On the Add Users, Groups, And Roles page, search and add a user, group or role. Click OK.
- For the purpose of an example, Dennis is added to the United States property, meaning that, at runtime, only Dennis can see the United States data. Add more users, groups or roles to the policy as necessary.If you have multiple users, groups or roles and properties in your policy, you can search for a specific property or users, groups and roles via the Search option in the By Item or By Role views.
- Enable the policy by clicking Enable Policy.
- On the Full Data Access page, click Add.
Include SmartBox SmartObjects in your Data Access Policy
Follow the steps below to extend your SmartBox Data Access policy to associated child SmartBox SmartObjects.
- On the Included SmartBox Objects page, click Add.
- On the Add Associated SmartBox Object page, all associated child SmartBox SmartObjects are listed. Configure how many levels of associations are displayed via the Maximum Association Levels option. The default level is 3. Use the Search feature to search for an associated SmartBox SmartObjects.
- Select an associated SmartBox Object. Notice that all associated SmartBox Objects are included. The policy is extended to the Street, Suburb, City, and Country SmartBox SmartObjects. Click Select.
- Your policy is extended to the selected associated SmartBox SmartObjects, meaning that the permissions extend down to those SmartObjects based on the associations.
- Next, include or exclude the current SmartBox Object to your policy. Switching the Included SmartBox Objects toggle to Grey excludes the current SmartBox Object to your policy. Switching the Included SmartBox Objects toggle to Green, which is the default and recommended approach, includes the current SmartBox Object to your policy.
Follow these steps to edit your SmartBox Data Access Policy:
Edit a Full Data Access Policy
- Open a SmartBox SmartObject in Management that has a Full Data Access Policy enabled.
- On the Full Data Access page, Add or Remove users, groups and roles to the policy membership as necessary.
Edit a Limited Data Access Policy
- Open a SmartBox SmartObject in Management that has a Limited Data Access policy enabled.
- On the Limited Data Access page, Add or Remove users, groups and roles to the policy membership as desired or Edit the display properties of the policy.
Edit the Included SmartBox Objects
- Open a SmartBox SmartObject in Management that has Included SmartBox Objects enabled.
- On the Included SmartBox Objects page, Add or Remove associated SmartBox Objects, and Include or Exclude the current object in your Data Access Policy.You can only remove extended SmartBox objects if the current SmartBox object is marked as included. This is because you must always have at least one SmartBox object on the policy. If you choose a parent SmartBox object to remove, all child SmartBox objects are removed automatically.
Follow these steps to disable a policy from a SmartBox SmartObject
- Open a SmartBox SmartObject in Management that has a Data Access policy enabled.
- On the Data Access tab, click Disable Policy.Disabling a Data Access policy does not allow you to apply a different access policy to a SmartBox SmartObject associated with the current SmartObject if the other one is used to secure the current one. You must delete the policy before applying a different policy to the other SmartObject.
Follow these steps to remove a policy from a SmartBox SmartObject.
- Open a SmartBox SmartObject in Management that has a Data Access policy.
- On the Data Access tab, click Delete Policy.
- Click OK on the Delete Data Access Policy dialog to confirm the deletion.