SmartBox Security

The SmartBox Security node is used to define design-time authorization rules for SmartObjects that use SmartBox as their data store, and controls who may publish, update or delete SmartObject definitions that utilize the SmartBox database. This is most often used to prevent certain users or groups from creating, updating or deleting SmartObjects that use the K2 SmartBox database as the data store. For example: you may want to allow only members of the Developers group in you organization to create (publish), update or delete SmartBox-backed SmartObjects to a particular K2 environment. Other users will not be able to create SmartBox-backed SmartObjects in that environment. (To define runtime security for SmartBox-based SmartObjects, please see SmartBox Object ).

The authorization model uses an optimistic approach. If no permissions are defined, any user can create, update and delete SmartBox-backed SmartObjects. As soon as a permission is defined, only those users/groups can perform the selected operations and no other users will be able to create, update or delete SmartBox-backed SmartObjects.

Follow these steps to add design-time permissions that will determine which users/groups can execute particular methods for SmartBox-backed SmartObjects:

  1. Click Add from the SmartBox Security view.
  2. The Configure SmartBox Administration Permissions page opens. Click the Search drop-down and select to search for users or groups.
  3. Click the Label drop-down and select the Security Provider label you want to search on.
  4. Click the Type drop-down and select the type of search that will be performed.
  5. Type a value in the text box provided and click the Searchbutton. The matching users or groups will be returned in the first view. Select a user or group and click Add.
  6. The user or group will now be listed in the second view. You can add multiple users or groups by doing a new search and clicking the Add button again. Click Next.
  7. Select the applicable permissions per user or group and click Finish.
    Permission LevelWhat does it allow the user to do?
    CreateAllows the user/group to create and deploy new SmartBox-backed SmartObjects.
    UpdateAllows the user/group to update the definitions of existing SmartBox-backed SmartObjects.
    DeleteAllows the user/group to delete existing SmartBox-backed SmartObjects.

Follow these steps to remove a user or group's permissions:

  1. Select the user or group by clicking the check box in front of the name.
  2. Click Remove.
  3. Click OK on the confirmation message. This will remove the assigned permissions to that user or group as well as remove the user or group from the list

The Save button is used to save changes made to existing SmartObject Administration Permissions. To edit permissions, check or un-check the applicable check boxes per user or group, and click Save to save the permission changes made.