Beginning with K2 Cloud Update 6 and K2 Five (5.2), the SmartObject delete right is only available when using the Authorization Framework. Use this article to recreate permissions to restrict the ability to delete SmartObjects if you've used this in previous releases.
In the K2 Cloud Update 6 and K2 Five 5.2 release, the Delete right in the SmartObject Security node in K2 Management is deprecated, and all Delete rights are reset on upgrade. You can recreate these rights using the Authorization Framework.
After upgrade, the Delete right is set to Allow on the Everyone role (which includes all users) on all objects as shown here.
Any Delete rights that you configured using the SmartObject Security node prior to upgrade are no longer applied and the Delete option in the SmartObject Security node is disabled as shown here. Use the disabled Delete permissions in the SmartObject Security node in K2 Management as a reference when reapplying delete permissions after you upgrade.
To recreate delete rights for SmartObjects, use the Delete permission of the Authorization Framework.
This change does not affect existing SmartBox security rights set on SmartBox SmartObjects using the K2 Management > Integration > SmartBox Security node. Only the legacy SmartObject Security that you previously set using the K2 Management > Integration > SmartObject Security node is affected by this change.
Recreate Delete Rights Post Upgrade
To recreate SmartObject Delete rights after upgrade, follow these steps:
- Browse through your SmartObjects on which you previously configured the Delete right, and make note of the users, groups or roles to which you granted this right.
- On each SmartObject that you configured these rights, break inheritance and remove the Delete right from the Everyone role.
- Grant Delete rights to users, groups, and roles that you had previously configured on each SmartObject. K2 recommends granting these rights to groups at the category level for easier maintenance.