Sandbox Content Security and Permissions
Each sandbox has its owner which is set during sandbox creation. This user has unlimited privileges to this sandbox as well as administrators. Another users may have access according to sandbox settings.
 |
Figure 15.2. Sandbox Permissions in CloverETL Server Web GUI
Permissions to a specific sandbox are modifiable in Permissions tab in sandbox detail. In this tab, selected user groups may be allowed to perform particular operations.
There are 3 types of operations:
Table 15.2. Sandbox permissions
| Read | Users can see this sandbox in their sandboxes list. |
| Write | Users can modify files in the sandbox through CS APIs. |
| Execute | Users can execute jobs in this sandbox. Note: jobs executed by "graph event listener" and similar features is actually executed by the same user as job which is source of event. See details in "graph event listener". Job executed by schedule trigger is actually executed by the schedule owner. See details in Chapter 22, Scheduling. If the job needs any files from the sandbox (e.g. metadata), user also must have read permission, otherwise the execution fails. |
| Profiler Read | User can view results of profiler jobs executed from the sandbox. |
| Profiler Admin | User can administer results of profiler jobs executed from the sandbox. |
Please note that, these permissions modify access to the content of specific sandboxes. In additions, it's possible to configure permissions to perform operations with sandbox configuration. e.g. create sandbox, edit sandbox, delete sandbox, etc. Please see Chapter 14, Users and Groups for details.