SmartObject Security

The configuration of Delete rights on the SmartObject Security node is deprecated. To configure delete rights for SmartObjects, use the Authorization Framework. For more information see KB002667.

The SmartObject Security node is used to define design-time authorization rules for SmartObjects and controls who may publish (create/update) SmartObject definitions. This is most often used to prevent certain users or groups from creating SmartObjects in a particular K2 environment. For example: you may want to allow only members of the Sysadmins group in you organization to publish (create/update) SmartObject definitions in your production K2 environment. Other users will not be able to publish SmartObjects in that environment.

The authorization model uses an optimistic approach. If no permissions are defined, any user can publish and delete SmartObjects. As soon as a permission is defined, only those users/groups can perform the specified operations and no other users will be able to publish SmartObjects.