Management and Administration > Required Permissions for K2 Components | Send feedback |
Changing the permission level does not remove users who already have rights on the K2 Server. Use Management Console to remove these users. |
Feature | Task | SharePoint Site Server Rights | K2 blackpearl Server Rights | Windows / Other Rights |
---|---|---|---|---|
K2 Server |
Send receive emails |
N/A | N/A | Access to a mail account, user name and password |
K2 Studio | Create Workflow | N/A | N/A | Write access to where you are saving the process |
K2 Studio | Deploy Workflow | N/A | Export Rights | N/A |
Process Portals | Create Process Portal | Manage Hierarchy on the top site where the Process Portal is created | N/A | N/A |
Process Portals | Access Process Portal | At least Read rights on the Process Portal | N/A | N/A |
Process Portals | Management Worklist | At least Read rights on the Process Portal | Admin on the Process | N/A |
Process Portals | Reports | At least Read rights on the Process Portal | View Part or View rights on the Process | N/A |
Process Portals | View Reports | At least Read rights on the Process Portal | Process Admin, Process View, Process View Participate | N/A |
Process Portals | Instance Management (including Instances Summary) | At least Read rights on the Process Portal | View rights on the Process | N/A |
Process Portals | Instances Summary Web Part | At least Read rights on the Process Portal | Server Admin, Admin on the Process, Process View | N/A |
Process Portals | Start Process Instance | At least Read rights on the Process Portal | Admin on the Process, Start Process | N/A |
Process Portals | Add Process to Portal | At least Contributor rights on the Process Portal | Server Admin, Admin on the Process | N/A |
Process Portals | Process Instances | At least Read rights on the Process Portal | Server Admin, Admin on the Process, Process View | N/A |
Process Portals | Process Management - View Detail | At least Read rights on the Process Portal | Server Admin, Admin on the Process | N/A |
Process Portals | Process Management - View Detail - Roles | At least Read rights on the Process Portal | Server Admin, Admin on the Process | N/A |
Process Portals | Process Management – Perform Action – Roles | At least Read rights on the Process Portal | Server Admin, Admin on the Process | N/A |
Process Portals | Process Instances - View Detail | At least Read rights on the Process Portal | Server Admin, Admin on the Process, Process View | N/A |
Process Portals | Process Instances - Perform Action | At least Read rights on the Process Portal | Server Admin, Admin on the Process | N/A |
Process Portals | Administration | At least Read rights on the Process Portal | Admin for the K2 Server | N/A |
Process Portals | Settings (including show/hide/adding process) | At least Read rights on the Process Portal | View Part or View rights on the Process | N/A |
Process Portals | Processes Web Part | At least Read rights on the Process Portal | Admin for the K2 Server, Process Admin | N/A |
Process Portals | View landing page - Processes Web part or Management Worklist | At least Read rights on the Process Portal | Admin for the K2 Server, Process Admin | N/A |
Process Portals | Administration Links (Central/Site) | At least Read rights on the Process Portal | Admin for the K2 Server | N/A |
Process Portals | Process Scheduler | N/A | The K2 Service Account requires Start rights on the Process that is being scheduled to start | N/A |
K2 Designer for SharePoint | See the K2 Web Designer Menu item in the List Settings menu | Default is SharePoint Members Group or specify a group under K2 site settings | N/A | N/A |
K2 Designer for SharePoint | Create New Workflow | Default is SharePoint Members Group or specify a group under K2 site settings | N/A | N/A |
K2 Designer for SharePoint | Edit a workflow | Default is SharePoint Members Group or specify a group under K2 site settings | N/A | N/A |
K2 Designer for SharePoint | Reuse one of my workflows | Default is SharePoint Members Group or specify a group under K2 site settings | N/A | N/A |
K2 Designer for SharePoint | Reuse a shared workflow | Default is SharePoint Members Group or specify a group under K2 site settings | N/A | N/A |
K2 Designer for SharePoint | Save Template | Default is SharePoint Members Group or specify a group under K2 site settings | N/A | N/A |
K2 Designer for SharePoint | Publish a workflow | Default is SharePoint Members Group or specify a group under K2 site settings | N/A | N/A |
K2 Designer for SharePoint | Export a workflow | Default is SharePoint Members Group or specify a group under K2 site settings | N/A | Write access to where you are exporting to |
K2 Designer for SharePoint | Share a workflow | Default is SharePoint Members Group or specify a group under K2 site settings | N/A | N/A |
K2 Designer for SharePoint | Start a Workflow on Form Library | Rights to access the Form | Start rights on the Process | N/A |
K2 Designer for SharePoint | Start a Workflow on a List or Document Library | Rights to access the document in the library | N/A | N/A |
InfoPath Integration | Start a workflow | Contributor on the library | Start rights on the Process | N/A |
InfoPath Integration | Deploy an InfoPath Process | Contributor rights on SharePoint Site | Export Rights | N/A |
InfoPath Integration | Destination user retrieves and updates the temp XML file | Contribute rights on the site | N/A | N/A |
SharePoint Workflow Integration | Start a workflow | Contributor on the list or library | Start rights on the Process | N/A |
SharePoint Workflow Integration | K2 Service Account Rights Needed | Full Control on the list or library | Impersonate on the K2 Server | N/A |
SharePoint Workflow Integration | SharePoint Service Account Rights Needed | Full Control on the list or library | Impersonate on the K2 Server | N/A |
K2 Process Management for Visual Studio | Use the Process Management tool | N/A | Admin on the Process | N/A |
K2 Data Provider | Access SmartObjects | Read access to the list or library. This depends on the methods that get executed. An update, insert or delete will require contributor rights | N/A | N/A |
K2 Site Settings | Events Integration Management (Activate/Deactivate) | Full control on the site | Admin Rights | N/A |
K2 Site Settings | Workflow Integration Management (Activate/Deactivate) | Full control on the site | Admin Rights | N/A |
K2 Site Settings | SmartObject Service Management | Read access to the list or library | Export Rights and Admin Rights | N/A |
K2 for SharePoint Tab in central Admin | K2 Site Settings Link | Full control on the site collection where the feature is being activated; access to SharePoint Central Admin | N/A | N/A |
K2 for SharePoint Tab in central Admin | K2 for SharePoint Management Console | Full control on the site collection where the feature is being activated; access to SharePoint Central Admin | N/A | N/A |
K2 for SharePoint Tab in central Admin | K2 SmartObject Service Integration | Full control on the site collection where the feature is being activated; access to SharePoint Central Admin | N/A | N/A |
K2 for SharePoint Tab in central Admin | K2 Web Designer Version 2.0 | Full control on the site collection where the feature is being activated; access to SharePoint Central Admin | N/A | N/A |
K2 for SharePoint Tab in central Admin | K2 Workflow Integration Content Types | Full control on the site collection where the feature is being activated; access to SharePoint Central Admin | N/A | N/A |
K2 for SharePoint Tab in central Admin | K2 for SharePoint tab in Central Admin | Full control on the site collection where the feature is being activated; access to SharePoint Central Admin | N/A | N/A |
K2 for SharePoint tab in Central Admin | Add Settings to Site Collection | Full control on the site collection where the feature is being activated; access to SharePoint Central Admin | N/A | N/A |
K2 Exchange Event Wizard | Object Browser - Exchange Server Field | N/A | The K2 Service account will need Exchange View Only Administrator rights for the Microsoft Exchange Server | N/A |
K2 Exchange Event Wizard | Create Mailbox and Disable Mailbox actions | N/A | The Exchange Event should be configured to run as a service or user account with Exchange Organization Administrator rights | N/A |
K2 Exchange Event Wizard | Send Meeting Request and Send Task actions | N/A | The Exchange Event should be configured to run as a service or user account with impersonation rights with NO Exchange Organization Administrator rights. The service or user account should also have a trusted server certificate from the Exchange web service in his Personal certificate store. | N/A |
CRM Event Wizard | Create, Update and Delete CRM Entities in the K2 Designer for SharePonit | N/A | N/A | The AppPool account used for the K2 Designer for SharePoint must have full rights on the CRM server |
Active Directory Event Wizard | Create and Update Active Directory Users | If the K2 Server is installed on Windows Server 2003, LDAP over SSL (LDAPS) will need to be configured. See Using the AD wizard on Windows 2003 and the LDAP requirement | N/A | N/A |
There are several additional permissions that should be set up prior to installing K2 blackpearl. Please see the K2 blackpearl Getting Started Guide for more information regarding these items:
Server Role | Permission |
---|---|
K2 Server |
The K2 Service Account will need permission to Log on as a Service. |
Reporting Services Server |
In order to access the temporary directory during runtime, some permissions are required for all authenticated users. |
IIS Server |
In order to access the temporary directory during runtime, some permissions are required for all authenticated users. |
SharePoint Server |
In order for K2 workflow processes to be able to be deployed, some permissions are required on the SharePoint directory. |