If you are referring to the web services, there isn't any sort of security mechanism around smart objects themselves from either a service or traditional stand point. The only security that exists is whether or not you can create and deploy smart objects. After that, the next available type of secuirty is whatever is enforceable on the backend system as to being able to use the smart object.

On the topic of the smart object services, you might be able to use IIS web.config based security to limit your services to a set of users, but this would be for any and all smart objects that you hope to consume via the service endpoints. There could be some other WCF options, but that will need some research and if you cannot do it via configuration then your options are limited.

I know that K2 is introducing a lot of security in a future release, but as of 4.6.11 and earlier it isn't available.

S.

OK, thank you for the answer.

Regards,

arnam