K2 blackpearl Product Documentation: Installation and Configuration Guide
K2 for SharePoint - Required Permissions-K2 designer for SP

K2 for SharePoint Required Permissions

When installing and working with the K2 for SharePoint components you must provide credentials for several different accounts. The following tables describe the accounts that are used to install, configure, and run the various K2 for SharePoint components.

K2 Designer for SharePoint

The K2 Designer for SharePoint requires additional rights for installation, configuration and execution.

The application pool account used for the installation of the K2 Designer for SharePoint may be different from the application pool account used to set the K2 SharePoint Integration features. This application pool account must be part of the Farm Admin group; this is only for deployment, not execution.

Account Purpose Requirements
Account: Setup user
Purpose: The Setup user account is used to perform the following tasks:
  • Activate features and K2 site settings
Requirements: All K2 for SharePoint Core permissions, plus the following:
  • Full Control permission on the default or selected Site Collection is required to open the page.
    • Activating All K2 Features
    • Creating and configuring hidden K2 lists
    • Examples: members of Site Collection Administrators and Portal Owners have the Full Control permission mask
  • SQL Server server role – securityadmin (Server > Security > Logins or Server > Security > Server Roles)
    • securityadmin (required on K2 Server and SharePoint Server)
    • dbcreator (required on K2 Server and SharePoint Server)
    • db_owner for the webdesigner database (only required on K2 Server)
  • Rights to set security on the All Users temp folder (%SYSTEMROOT%\System32\config\systemprofile\AppData\Local\Temp)
Account: K2 Central Admin
Purpose: The K2 Central Admin account is used to perform the following tasks:
  • Navigate to K2 Designer links on the K2 for SharePoint admin page
Requirements:
  • Full Control permissions on the Central Admin Site Collection are required to open the page.
  • Admin rights on K2 server
    • Retrieving Host Server configuration settings
  • SQL Server server role on K2Server
    • securityadmin
    • dbcreator

      or

    • db_owner for the webdesigner database
  • Rights to set security on the All Users temp folder (%SYSTEMROOT%\System32\config\systemprofile\AppData\Local\Temp)
Account: Deployment Application Pool account
Purpose: The Deployment Application Pool account is used to perform the following tasks:
  • Deploy K2 Designer for SharePoint designed processes
Requirements:

Note: The Farm admin group permissions are required for legacy processes that use the old Workflow Integration method where a feature needed to be added to the Farm for each process deployed.

With SPWFI version 2 this is no longer a requirement.

The user can remove the farm admin permission and then check that everything is still working i.e. that they can deploy a process, as this is the only place this permission was required.

The user should bear in mind that if they make use of a generated Workflow Integration then they will have to be Farm admin, but this requirement is only for deployment and not execution.

The following security configurations are done automatically when the Deployment Application Pool account is configured:

  • SharePoint Farm Administrators group membership (this permission is needed for deployment of processes only, not their execution)
  • Site Collection Administration
  • Export rights on K2 server
  • SQL Server database role -- db_owner (Server > Databases > {database name} > Security > Logins):
    • K2 Designer for SharePoint database
  • Add deployment application pool to SharePoint Application Pool collection which sets SQL Server database role -- db_owner for the following (Server > Databases > {database name} > Security > Logins):
    • SharePoint Central Admin content database
    • SharePoint Shared Services content database
    • SharePoint Site Collection content database
    • SharePoint Configuration database
    • db_owner for the webdesigner database
  • Modify rights created on the All Users temp folder (%SYSTEMROOT%\System32\config\systemprofile\AppData\Local\Temp)
Account: K2 Designer for SharePoint
Purpose: Users in the K2 Designer for SharePoint groups can perform the following tasks:
  • Access the Create K2 Process menu to design and deploy a process with K2 Designer for SharePoint
Requirements:
  • All groups with at least Design permissions (Design and Full Control) are included by default.
  • Full Control permissions are required on the Site Collection to change the groups configured for Process Designer. This link is available on the K2 Site Settings page.
  • The user deploying the process will be given Export rights on the K2 server.
  • The user deploying the process will be given Admin and Start rights on the process.
Account: Process Participant
Purpose: Users in the Process Participant groups can perform the following tasks:
  • Participate in deployed K2 processes
Requirements:
  • All groups with at least Contribute permissions (Contribute, Design and Full Control) are included by default.
  • Full Control permissions are required on the Site Collection to change the groups configured for Process Participant. This link is available on the K2 Site Settings page.
  • Process Participant groups will be given Start and View Participate rights on the process.
For upgrade scenarios where multiple K2 databases still exist, the db_owner rights required for webdesigner will still be applied on the webdesigner database. For new installations where a single K2 database exists, the db_owner rights for webdesigner will be applied on the webdesigner schema instead.
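
One way to review which of the SQL Server grants listed above an account actually holds, as an added example that is not part of the K2 documentation. The login name is a placeholder, and the queries report direct role membership only.

```sql
-- Added audit example; not K2 or Microsoft code.
-- Placeholder login: replace with the Setup user, K2 Central Admin or
-- Deployment Application Pool account you want to review.
DECLARE @login sysname = N'EXAMPLE\svc-k2-deploy';

-- 1. Server roles named on this page that the login holds directly.
SELECT r.name AS server_role, m.name AS member_login
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
WHERE m.name = @login
  AND r.name IN (N'securityadmin', N'dbcreator');

-- 2. db_owner membership in every database the auditor can open.
--    Database users are matched to the login by SID. Membership through a
--    Windows group, or ownership of the database itself, is not listed.
CREATE TABLE #db_owner_grants (database_name sysname, database_user sysname);

DECLARE @sql nvarchar(max) = N'';
SELECT @sql += N'
INSERT INTO #db_owner_grants (database_name, database_user)
SELECT N' + QUOTENAME(d.name, '''') + N', m.name
FROM ' + QUOTENAME(d.name) + N'.sys.database_role_members AS drm
JOIN ' + QUOTENAME(d.name) + N'.sys.database_principals AS r
  ON r.principal_id = drm.role_principal_id
JOIN ' + QUOTENAME(d.name) + N'.sys.database_principals AS m
  ON m.principal_id = drm.member_principal_id
JOIN sys.server_principals AS sp ON sp.sid = m.sid
WHERE r.name = N''db_owner'' AND sp.name = @login;'
FROM sys.databases AS d
WHERE d.state_desc = N'ONLINE' AND HAS_DBACCESS(d.name) = 1;

-- The temp table created above is visible inside the dynamic batch.
EXEC sys.sp_executesql @sql, N'@login sysname', @login = @login;

SELECT database_name, database_user
FROM #db_owner_grants
ORDER BY database_name;

DROP TABLE #db_owner_grants;
```

Run it on both the K2 server and the SharePoint SQL Server instance, since the server roles are required on both. Microsoft's documentation advises treating securityadmin as equivalent to sysadmin, so a login returned by the first query warrants the same review as a sysadmin login.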
K2 blackpearl Product Documentation: Installation and Configuration Guide 4.6.11