K2 BLACKPEARL PRODUCT DOCUMENTATION: USER GUIDE
Option 1
Management and Administration > Workspace Management > Management Console > SmartObject Services > SmartObject Services > SQL Server Service > SQL Server Service in Workspace > Option 1 Send feedback

Option 1

With both Use Native SQL Execution and On Different SQL Server fields set to True the following will occur:

In this configuration the linked server object ( )  is created on the K2 SQL Server.


The K2 Service Account calls into the K2 SQL Server’s linked server object (call A) pointing to the custom application SQL server.


For this to happen the K2 SQL Service account needs to be trusted for delegation to the Custom Application SQL Server. This in turn will allow successful authentication and passing of K2 Service Account details to the custom SQL server to retrieve the relevant data.


In this scenario there is an additional authentication ‘hop’ between K2 SQL Server and the Custom Application SQL Server.

To be able to execute in this configuration the following is needed:

  1. A GetList needs to be executed once on a SmartObject retrieving data from the Custom Application SQL Server. This GetList needs to be executed by a person having SysAdmin rights on the K2 SQL Server. Once this has been executed the SysAdmin can be revoked. This is required to create the linked server object on SQL by executing the ‘sp_addlinkedserver’ system stored procedure that requires SysAdmin.
  2. Kerberos needs to be configured in the environment and the K2 SQL Server Service Account needs to be configured to allow for delegation to the Custom Application SQL Server Service Account.

 

 

K2 blackpearl Help 4.6.10 (4.12060.1690.0)