Security
The Security tab allows you, as a member of the security administrators role, to apply SmartObject Authorization on SmartObjects in the Categories node. This allows you to control which users, groups and roles can view, modify, delete and apply security to SmartObjects in your environment. For more information see the Authorization Overview topic. You can also apply SmartBox Method Permissions, which allows you to configure which users, groups or roles can execute specific methods of SmartBox-based SmartObjects.
SmartObject Rights | Description |
---|---|
View | Browse to and view the SmartObject in K2 Designer. |
Modify | Design-time right that controls who may edit, rename and move SmartObjects in the K2 Designer. |
Delete | Allows you to control who can delete the SmartObject in K2 Designer and K2 Management. |
Security | As the creator of SmartObjects, you can assign Security rights to SmartObjects, which allows others to manage the object's security, including assigning View, Modify, Delete and Security rights. |
Follow these steps to add authorization to a SmartObject:
- Select a SmartObject from the Categories node and click the Security tab.
- On the Security page, add a user or group by clicking the Add button.
- On the Add Users, Groups, And Roles page search and add a user or group. Click OK.
- Specify the user, group or role's View, Modify, Delete, and Security rights. If the SmartObject is inheriting rights from its parent folder, the following rights are available: Allow, Deny and Inherited Allow. If the inheritance is broken the following rights are available: Allow, Deny and None.
- Add more users, groups and roles to the Security page if desired. Click Close.
When specifying users, groups and roles for SmartObject Authorization, the Everyone Role is added during installation, providing all authenticated users, the ability to view the SmartObject. Best practice would be to modify the Everyone Role's view rights to None on the Categories folder, and grant permissions to users, groups and roles according to your organizations requirement on the SmartObject.
Follow these steps to edit authorization in a SmartObject:
- Select a SmartObject from the Categories node.
- On the Security tab, add a new user, group and role or edit existing users and rights.
Follow these steps to remove authorization on a SmartObject:
- Select a SmartObject from the Categories node.
- Select a required user, group or role from the Security section and click Remove.
SmartBox Method permissions allows you to configure which users and groups can execute methods of SmartBox-based SmartObjects.
You can use this to prevent users or groups from executing specific methods of SmartBox-based SmartObject. For example, you may have a SmartBox-based SmartObject that stores a list of regions. You want to allow administrators in your organization to add, update or delete records in this SmartObject, but all other users should can only be able to use the list method to return a list of regions.
- The authorization model uses an optimistic approach. If no permissions are defined for a SmartObject, any user can execute any method on a SmartBox-backed SmartObject. As soon as you define a permission is defined, only those users and /groups can perform the selected operations, and no other users will be able to execute methods for the SmartObject unless they have specific permissions to do so.
- The authorization rules in this section only apply to SmartBox SmartObjects. SmartObjects based on other systems usually use their own security (for example SQL permissions) to restrict who may execute methods.
Follow these steps to add runtime permissions that determine which users and groups can execute methods for a SmartBox-based SmartObject:
- On the SmartBox Method Permissions section and click Add.
- The Configure Security page opens. Select the users or groups to configure permissions for. Search and add a user or group and then click Next.
- Select the rights for each SmartObject method and click Finish.
Permission Effect Create Allows you to create data, necessary to add records to the SmartObject. Save Allows you to save changes made to SmartObject data. Delete Allows you to remove a record from the SmartObject. Load Allows you to retrieve a single record from the SmartObject. Get List Allows you to get multiple records from the SmartObject. Modify Allows you to modify data in the SmartObject, similar to saving changes.
Follow these steps to remove permissions:
- Select the user or group to remove by clicking the check box in front of the name.
- Click Remove.
- Click OK on the confirmation message. This removes the assigned permissions for that user or group, removes the user or group from the list.
Use the Save button is used to save changes you've made to existing permissions. To edit permissions, check or uncheck each user or group. Click Save when you're finished making permission changes made.
Use the Refresh button to refresh the list of Method Permissions once you've applied your changes.