Sandbox Content Security and Permissions

    Each sandbox has its owner who is set during sandbox creation. This user has unlimited privileges to this sandbox as well as administrators. Another users may have access according to sandbox settings.

    sandboxes permissions
    Figure 105. Sandbox Permissions in CloverDX Server Web GUI

    Permissions to a specific sandbox are modifiable in Permissions tab in sandbox detail. In this tab, selected user groups may be allowed to perform particular operations.

    Any change in user group permissions will automatically log out all users assigned to the affected group from all their active sessions and force them to log in again.

    There are the following types of operations:

    Table 23. Sandbox permissions
    Name Description


    Users can see this sandbox in their sandboxes list.


    Users can modify files in the sandbox through CS APIs.


    Users can execute jobs in this sandbox.

    Note: job executed by graph event listener and similar features is actually executed by the same user as job which is the source of the event. See details in graph event listener. Job executed by schedule trigger is actually executed by the schedule owner. See details in Scheduling. If the job needs any files from the sandbox (e.g. metadata), the user also must have read permission, otherwise the execution fails.

    Note that these permissions modify the access to the content of specific sandboxes. In addition, it is possible to configure permissions to perform operations with sandbox configuration (e.g. create sandbox, edit sandbox, delete sandbox, etc). For details, see Users and Groups.