Sandbox Content Security and Permissions

Each sandbox has its owner who is set during sandbox creation. This user has unlimited privileges to this sandbox as well as administrators. Another users may have access according to sandbox settings.

Sandbox Permissions in CloverDX Server Web GUI

Figure 22.2. Sandbox Permissions in CloverDX Server Web GUI


Permissions to a specific sandbox are modifiable in Permissions tab in sandbox detail. In this tab, selected user groups may be allowed to perform particular operations.

There are the following types of operations:

Table 22.2. Sandbox permissions

ReadUsers can see this sandbox in their sandboxes list.
WriteUsers can modify files in the sandbox through CS APIs.
Execute

Users can execute jobs in this sandbox.

Note: job executed by graph event listener and similar features is actually executed by the same user as job which is the source of the event. See details in graph event listener. Job executed by schedule trigger is actually executed by the schedule owner. See details in Chapter 30, Scheduling. If the job needs any files from the sandbox (e.g. metadata), the user also must have read permission, otherwise the execution fails.

Profiler ReadUser can view results of profiler jobs executed from the sandbox.
Profiler AdminUser can administer results of profiler jobs executed from the sandbox.

Note that these permissions modify the access to the content of specific sandboxes. In addition, it is possible to configure permissions to perform operations with sandbox configuration (e.g. create sandbox, edit sandbox, delete sandbox, etc). For details, see Chapter 21, Users and Groups.