Understanding Limited Data Access

This scenario illustrates the use of Limited Data Access in SmartBox Data Access Policies on SmartBox SmartObjects in K2 Management.

In the previous scenario, you added Dennis, the Global Human Resources Director, to a Data Access policy with Full Data Access on the Region and Country SmartBox SmartObjects. He is able to view all the data for these SmartBox SmartObjects.

In this scenario, Bob, who is the Human Resources Manager for the Americas region, is only required to access the data on the Region and Country SmartBox SmartObjects for this region. To achieve this, you must give him Limited Data Access on the Region and Country SmartBox SmartObjects.

Remember in order to add Data Access Policies to SmartBox SmartObjects, you need to be a member of the Security Administrators role.

The SmartObjects

The Region and Country SmartObjects are designed as follows:

Create the association on the Country SmartObject by defining the following settings in the Associations page in the K2 Designer.

Finish designing the SmartObjects, generate an Editable List View for each one, and then create a form containing both views. Fill in some region data and save it, refresh the form, and then fill in some country data. This data helps illustrate the scenario.

Dennis, the one with full access to all data in these SmartObjects, sees the following on the Countries and Regions form:

Steps to Configure Limited Data Access

Follow the steps below to apply a policy with Limited Access for Bob on the Region and Country SmartObjects.

  1. Open the Region SmartBox SmartObject in K2 Management and click the Data Access tab.

    Notice that Full Data Access is still enabled for Dennis, as he is the Global HR Director. You want to limit the data that Bob is able to access on the Region and Country SmartBox SmartObjects. Data access policies can contain both Full Data Access and Limited Data Access settings.

  2. On the Limited Data Access section, click Choose SmartBox object....
  3. On the Configure Limited Data Access page, choose the Default SmartBox SmartObject which is Region.
  4. Select Name as the Primary Display Property and click Select.
  5. On the Limited Access section, select Americas and click Add User.
  6. On the Add Users, Groups, And Roles page search and add Bob. Click OK.
  7. Bob is added to the Americas. These means he only sees the Americas region in the Region SmartObject.
  8. Make sure the Region Data Access policy is enabled, and then open the Country SmartBox SmartObject and click the Data Access tab.
  9. On the Limited Data Access section, click Choose SmartBox object....
  10. On the Configure Limited Data Access page, click Choose SmartBox object. Then click the Region association, the Name as the Primary Display Property, and then click Select.
  11. On the Limited Access section, select Americas. Add Bob to the Americas limited access by clicking Add User.
  12. Enable the policy by clicking Enable Policy.
  13. When Bob runs the Countries and Regions form, which contains data from the Region and Country SmartObjects, he only sees data for the Americas region.