Scripting Restrictions

Code executed by a script-enabled Flex action has a number of restrictions placed upon it. This is to prevent operations that might affect system stability and security. A whitelist policy is enabled which controls which packages and classes are allowed to be used in a script.

Note

If are you are trying to use a JDK package or class, and are getting a permission issue, please contact your Flex representative so that the development team can evaluation whether it should be included in the default white-list.

JVM Features

  • File API (outside of /flex/flex-enterprise/storage/media)
  • Direct SQL access
  • Reflection

Groovy Features

Classes

Methods

Adding Permissions

Flex allows you to add system-wide permissions via a JSON document in the Consul KV flex/flex-jobasyncexecutor-service/securityPolicyPermissions, but it should be understood that this is a security risk. The example below shows how to allow access to the classes in accessClassInPackage.org.apache.groovy.internal.util and to be able to read and write files to /home/ftpusers:

{
  "permissions": [
    {
	  "type": "RuntimePermission",
	  "name": "accessClassInPackage.org.apache.groovy.internal.util"
	},
	{
	  "type": "FilePermission",
	  "name": "/home/ftpusers/*",
	  "action": "read,write"
    }
  ]
}