Version

    Sandbox Content Security and Permissions

    Each sandbox has its owner who is set during sandbox creation. This user has unlimited privileges to this sandbox as well as administrators. Another users may have access according to sandbox settings.

    sandboxes permissions
    Figure 105. Sandbox Permissions in CloverDX Server Web GUI

    Permissions to a specific sandbox are modifiable in Permissions tab in sandbox detail. In this tab, selected user groups may be allowed to perform particular operations.

    There are the following types of operations:

    Table 24. Sandbox permissions
    Name Description

    Read

    Users can see this sandbox in their sandboxes list.

    Write

    Users can modify files in the sandbox through CS APIs.

    Execute

    Users can execute jobs in this sandbox.

    Note: job executed by graph event listener and similar features is actually executed by the same user as job which is the source of the event. See details in graph event listener. Job executed by schedule trigger is actually executed by the schedule owner. See details in Scheduling. If the job needs any files from the sandbox (e.g. metadata), the user also must have read permission, otherwise the execution fails.

    Note that these permissions modify the access to the content of specific sandboxes. In addition, it is possible to configure permissions to perform operations with sandbox configuration (e.g. create sandbox, edit sandbox, delete sandbox, etc). For details, see Users and Groups.