Sandbox Content Security and Permissions
Each sandbox has its owner who is set during sandbox creation. This user has unlimited privileges to this sandbox as well as administrators. Another users may have access according to sandbox settings.
Figure 22.2. Sandbox Permissions in CloverDX Server Web GUI
Permissions to a specific sandbox are modifiable in Permissions tab in sandbox detail. In this tab, selected user groups may be allowed to perform particular operations.
There are the following types of operations:
Table 22.2. Sandbox permissions
|Read||Users can see this sandbox in their sandboxes list.|
|Write||Users can modify files in the sandbox through CS APIs.|
Users can execute jobs in this sandbox.
Note: job executed by graph event listener and similar features is actually executed by the same user as job which is the source of the event. See details in graph event listener. Job executed by schedule trigger is actually executed by the schedule owner. See details in Chapter 31, Scheduling. If the job needs any files from the sandbox (e.g. metadata), the user also must have read permission, otherwise the execution fails.
|Profiler Read||User can view results of profiler jobs executed from the sandbox.|
|Profiler Admin||User can administer results of profiler jobs executed from the sandbox.|
Note that these permissions modify the access to the content of specific sandboxes. In addition, it is possible to configure permissions to perform operations with sandbox configuration (e.g. create sandbox, edit sandbox, delete sandbox, etc). For details, see Chapter 21, Users and Groups.