Security Consideration
The Run As feature is provided as a method of executing a Server Event under an alternative user context other than the K2 Service Account. The following Server Events offer this functionality:
- Any Server Based Event
- Active Directory Wizard
- Exchange Wizard
- Data Event
This feature provides an alternative, secure context under which Administration tasks are being carried out in Active Directory, Exchange or using a Data Event when the K2 Server does not have the correct user credentials. For example, a K2 Process may be created to automatically provide a new employee with an Active Directory account and Mail box. To maintain network security, the K2 Service Account is not normally given rights to perform such actions. However, since the Server Event needs to run the Network Administrator can be called upon by the K2 Developer creating the Process to enter a set of network credentials to Run As that user account that will enable the K2 Server Event to carry out it's assigned task.
Using this feature also provides native security in that any unauthorized deletion of Active Directory User Accounts or Illegal Access to Mail Account resources can be prohibited.
 |
It is not advised that the K2 Service Account be given access to Active Directory or Exchange Server as this does open up potential security threats |
User Managers
The Run As feature is not available in non Active Directory environments.
