SmartBox Object

The SmartBox Object node is used to define runtime authorization rules for SmartObjects that use SmartBox, to control who may execute certain methods on specific SmartObjects at runtime. This is most often used to prevent certain users or groups from executing specific methods for a certain SmartBox-based SmartObject. For example: you may have a SmartBox-backed SmartObject that stores a list of Regions. You want to allow Administrators in your organization to add, update or delete records in this SmartObject, but all other users can only execute the List method to return a list of regions. (To define design-time security for SmartBox-based SmartObjects, please see SmartBox Security )

To set these runtime permissions, select the relevant SmartObject from the list of SmartObjects, Add one or more users/groups, and then select the allowed methods for that User/Group.

  • The authorization model uses an optimistic approach. If no permissions are defined for a SmartObject, any user can execute any method on a SmartBox-backed SmartObject. As soon as a permission is defined, only those users/groups can perform the selected operations, and no other users will be able to execute methods for the SmartObject unless they have specific permissions to do so.
  • The authorization rules in this section only apply to SmartObjects backed by the SmartBox data store. SmartObjects based on other systems usually use their own security (e.g. SQL permissions or permissions defined in the underlying data store) to restrict who may do what at runtime.
Remember that workflow server steps typically execute in the context of the K2 service account, therefore you may need to give the K2 Service Account rights to execute SmartObjects methods as well. Check with your workflow developers, if necessary.

Follow these steps to add runtime permissions that will determine which users/groups can execute particular methods for SmartBox-backed SmartObjects:

  1. On the SmartBox Object Security page, select the SmartBox-based SmartObject that you want to configure permissions for. The Object Permissions view opens. Click Add.
  2. The Configure Security for [SmartObject] page opens. From this page you will select the users/groups that you wish to configure permissions for.
  3. Click the Search drop-down and select to search for users or groups.
  4. Click the Label drop-down and select the Security Provider label you want to search on.
  5. Click the Type drop-down and select the type of search that will be performed.
  6. Type a value in the text box provided and click Search. The matching users or groups will be returned in the first view. Select a user or group and click Add.
  7. The user or group will now be listed in the second view. You can add multiple users or groups by doing a new search and clicking Add again.
  8. Click Next when you are ready to define the methods these users/groups will be allowed to execute.
  9. Select the applicable rights for each SmartObject method, and click Finish.
    10. Permission Effect
    Create Allows the user/group to execute the create method to create data, in other words add records to the specified SmartBox SmartObject.
    Save Allows the user/group to execute the save method to save data changes made to a record in the SmartBox SmartObject.
    Delete Allows the user/group to execute the delete method to remove a record from the SmartBox SmartObject.
    Load Allows the user/group to execute the load method to retrieve a single record from the SmartBox SmartObject.
    Get List Allows the user/group to execute the get list method to retrieve multiple records from the SmartBox SmartObject.
    Modify Allows the user/group to execute the modify method to modify data in the SmartBox SmartObject.

Follow these steps to remove a user or group's permissions:

  1. Select the user or group to remove by clicking the check box in front of the name.
  2. Click Remove.
  3. Click OK on the confirmation message. This will remove the assigned permissions to that user or group, as well as remove the user or group from the list.

The Save button is used to save changes made to existing Object Permissions. To edit permissions, the check boxes can be checked or unchecked per user or group. Click Save to save the permission changes made.

The Refresh button will refresh the list of Object Permissions once changes have been applied.