How to use a SmartObject as a Lookup Object with Data Level Security
Introduction
Within production environments it becomes essential to set data level security to protect, restrict or enable access to company data in a controlled manner. Within K2 blackpearl the SmartObject is used to represent real life instances of company data, such as organizations, customers, and regions.
K2 blackpearl allows the user to enable data level access when two or more SmartObjects are associated with each other. This feature provides the flexibility for Administrators to either enable or restrict access to SmartObjects. The developer must however be aware that certain settings must be enabled before this functionality can be used.
This KB Article contains a short demonstration describing how to configure security using the Lookup feature. There are two methods available to do this. The first method is done in the K2 Designer for Visual Studio and requires that specific settings are configured at design time before the SmartObject is deployed. Any changes that are required to the SmartObject’s configuration once it is deployed will require that the amended SmartObject be redeployed. The second method allows you to set the Lookup SmartObject settings in K2 Workspace after deploying the associated SmartObjects.
Note: |
Implementation Example | ||||||||||||||||||||
Resources Required | ||||||||||||||||||||
To setup the example provided in this article a minimum of two SmartObjects are required:
The SmartObjects are then deployed. The steps required to create a SmartObject have been documented adequately in the K2 Help file. For detail on creating SmartObjects, refer to that resource. It is not essential that the reader follow the naming in this example explicitly but it will assist with correlating the example with your real life project. Step 1 - Create SmartObjectsWhen creating the SmartObjects, keep in mind the following tips:
| ||||||||||||||||||||
Step 2 - Configure the LookupOnce both the SmartObjects are created (see above for property attributes) the lookup is then configured. To configure the lookup, open the Region SmartObject and follow the steps below:
Important: The Lookup settings configured in the K2 Designer for Visual Studio cannot be changed or edited in K2 Workspace. The Lookup configuration would need to be either disabled or reconfigured in the K2 Designer for Visual Studio and redeployed to the K2 Server.
| ||||||||||||||||||||
Step 3 - Create AssociationsAn association is required between the Customer SmartObject and the Region SmartObject. To configure the association, the SmartObject selected is the SmartObject not configured as the lookup. For this example, select the Customer SmartObject to create the association with the Region SmartObject.
Step 4 - Deploy SmartObjectsBefore deploying the SmartObjects do the following:
After the above have been checked, right click the project in the Solution Explorer and select deploy. This will run the deployment wizard. If you are unsure how to use this wizard, refer to the K2 blackpearl Help file for details on this wizard.
| ||||||||||||||||||||
Step 5 - Data Level MappingsOnce the K2 SmartObjects are deployed to the K2 Server, open K2 Workspace.
| ||||||||||||||||||||
| ||||||||||||||||||||
| ||||||||||||||||||||
The Data Level Mapping Settings page will display all users that can be given permissions on the SmartObjects. To set permissions on the Lookup object for a specified user, do the following:
| ||||||||||||||||||||
Step 7 - Viewing User PermissionsTo View the user permissions, do the following: Open up the Security Tab, and you will see the users that you have given permissions to view at least one item from the Lookup SmartObject. As a result of applying security (i.e., giving one user access), no other users are able to view the data in the lookup, unless they have been given explicit access rights. Additional users can be added using the steps in Step 6 above.
| ||||||||||||||||||||
Setting the Lookup SmartObject from K2 WorkspaceIf the SmartObject Lookup configuration was not performed in the K2 Designer for Visual Studio, the Lookup SmartObject settings can be set from K2 Workspace. To configure the Lookup do the following:
After the lookup has been configured in K2 Workspace, you can set the security permissions. The previous section, Step 6, detailed how to perform this task. Final Items for ConsiderationSecurity ConsiderationsBefore the lookup is configured, all users are able to view the contents of the Lookup SmartObject. Once the security on the lookup is configured, only those with view rights will be able to view the data. Users without rights will be unable to view the contents of the lookup. Be sure to set the necessary data access for all users who require it. Configuring the Lookup in K2 WorkspaceOnce the lookup is configured from K2 Workspace, the Additional Settings button disables and the Lookup configuration cannot be changed. This is by design and if changes to the particular lookup are required they can be implemented by using the K2 Designer for Visual Studio to perform the following tasks:
Once the SmartObject is available in the K2 Designer for Visual Studio, the Lookup can be configured there and redeployed. After the SmartObject is redeployed, the lookup can be reconfigured once again in K2 Workspace. User Project Example | ||||||||||||||||||||
| ||||||||||||||||||||
Accompanying this article are project files that will enable the user to perform the steps in this article. The attached project files require K2 blackpearl Hotfix1 or later. The attachment includes the following: K2 Designer for Visual Studio Project
Web site Projects
| ||||||||||||||||||||
Appendix A - Create a Web SiteThe Lookup security capabilities are best demonstrated using a site with user controls that return data from the deployed SmartObject based on the Lookup security settings. The project examples included with this article contain the project page; a site is required to host the page. Follow the instructions below to create the site.
Once the site exists, open the ASP.NET page example within Visual Studio and publish the page to the following site 8082 (or the port you created the website on). Once the page is published, browse to the site http://localhost:8082 to view the page. If set up correctly, the data within the lookup SmartObject will be displayed on the page based on the permissions of the user logged in.
Appendix B - Create a User PageA user site can be created to demonstrate the Lookup security features. The Lookup security is best demonstrated when you compare the security settings for two different users with different security settings. This requires that at least two users are added in K2 Workspace and they are provided with different security settings. Create the project
Add the controls and configure the data sourceIn the Toolbox click on the Data Tab:
Final Data source configuration
Web.Config configuration
Publish the Web site
|