Service Instances Security

The Service Instances Security node is used to define design-time rules for service instances and service types to provide extra security to SmartObjects and increased granularity of control for the management of service types and service instances. This allows you as a member of the security administrators role to control who is allowed to manage service types and service instances and who can consume service instances within the design of their SmartObjects. The Create right is required to create a new Service Instance and the View right is required to use a Service Instance in a SmartObject. For more information see the Authorization Overview topic.

Consider the following when assigning rights in the different nodes in Management:

  • Service Instances Security - Serves as the root level from where rights are inherited and is useful where rights must apply across all service types and service instances.
  • Service Types - Inherits rights from the service instances security level.
  • Service Instances - Inherits rights from its associated service type.

Inheritance can be broken on both the service type and service instance level by going into the respective object's UI in Management, selecting it from the list and clicking Security at the top. See Considerations and Best practices for managing security permissions for considerations and best practices when assigning rights and managing permissions.

While it is possible to give users and groups rights directly on service types and service instances, you should preferably create roles, and then assign rights to roles, because this will make subsequent security administration easier.


Service instances security level rights Description
View View and use items at design time in K2 Management and K2 Designer
Create Create service types and service instances in K2 Management
Modify Update items in K2 Management
Delete Delete items in K2 Management
Security As the creator of service types and service instances, you can assign Security rights to those items, which allow others to manage the item's security, including assigning View, Create, Modify, Delete and Security rights