The SharePoint Service Account is the account that the SharePoint application pool will run under. This account probably already exists in your environment, but there are some permissions that should be validated to ensure that the K2 integration with SharePoint functions properly.
The rest of this guide will use domain\SharePoint Service Account as a placeholder for the SharePoint Service Account name. When installing K2 in your environment, replace this placeholder with your actual account name.
The SharePoint Service Account will need the following permissions:
| SharePoint Server | |
|---|---|
| Permission | Used For |
| Local Administrator |
In order to log K2 blackpearl Server messages to the Event log, the SharePoint Service Account must be a local administrator on the SharePoint server. |
| Rights | Folder or Registry Key |
| Modify | %SYSTEMROOT%\temp |
| Write | %COMMONPROGRAMFILES%\Microsoft Shared\web server extensions\12\Layouts\Features |
| Write | %COMMONPROGRAMFILES%\Microsoft Shared\web server extensions\12\ISAPI |
 |
Note that the \12\ in the folders mentioned above will be \14\ on a Microsoft SharePoint Server 2010 system. |
| SQL Server | |
|---|---|
| Permission | Used For |
| db_DataReader on the database |
For the K2 Designer for SharePoint to function properly, the SharePoint Service Account needs read permission on the database. This is automatically set up by the Setup Manager during install. For upgrade scenarios where multiple k2 databases still exists, the database rights required for webdesigner, will still be applied on the the webdesigner database. For new installations where a single K2 database exists, the database rights for webdesigner will be applied on the webdesigner schema instead. |
| db_DataWriter on the database |
For the K2 Designer for SharePoint to function properly, the SharePoint Service Account needs write permission on the database. This is automatically set up by the Setup Manager during install. |
| Execute on Stored Procedures in the database |
For the K2 Designer for SharePoint to function properly, the SharePoint Service Account needs to be able to execute the Stored Procedures on the database. This is automatically set up by the Setup Manager during install. |
| Authenticated Users | |
|---|---|
| Rights | Folder or Registry Key |
| Modify | C:\Users and all folders below. (Applicable to Windows 2008 Servers). Apply this to all SharePoint Web Front Ends |
 |
While infrastructure changes are required by K2, each environment is different and has its peculiarities which must be taken into account. Modifying the infrastructure could have unforeseen results if the changes are not appropriately understood or managed. Given the broad spectrum of underlying infrastructure utilized, it is recommended that a panel or committee with appropriate skill in each area concerned be assembled to outline the underlying infrastructure changes and gauge the impact of the required changes. |
