Permissions needed for common tasks
The table contains common tasks, permissions required to use them, and examples of error messages you'll see if you do not have the correct permissions.
Task | Permission | Error message if I do not have rights |
---|---|---|
Access Management as an Administrator |
To access the Management site you need server Admin rights. With Admin rights, you see all nodes within Management. Contact your Nintex K2 Administrator to give you Admin rights. To set this in Management, go to the Workflow Server node, then select the Server Rights node and assign Admin rights to the user. For information, see Server Rights. |
"You don't have sufficient permissions to access Management". |
Access Management as a user |
To access Management you need Process Admin rights. Process Admin gives you a restricted view of management for the processes that you are an admin for. Once you deploy a workflow you become the process admin of the workflow which will give you access to management. For information, see Process Details > Rights . |
"You don't have sufficient permissions to access Management". |
Access Workspace |
By default, all users see their Workspace and custom Workspaces. For information, see Workspace. |
No error message. |
Access the Designer |
To access the Designer you need Designer View rights. To set this in Management, go to the Designer node and assign View rights to the user. For information, see Designer. |
"Uh oh… You are missing the required design right to be able to view this page".
|
Access Workflow Designer |
To access Workflow Designer you need the Designer rights. To set this in Management, go to the Designer node, and then assign View rights to the user, group or role. For information, see the Designer and KB002722 - the Designer Rights Changes in Behavior. |
"Uh oh… You are missing the required design right to be able to view this page"
|
Create, Edit and Save a Workflow |
To create, edit, or save a workflow, you need the Designer rights. To set this in Management, go to the Designer node, and then assign View rights to the user. For information, see the Designer. |
"Uh oh… You are missing the required design right to be able to view this page"
|
Deploy a Workflow |
To deploy a workflow, you need Export rights. To set this in Management, go to the Workflow Server node, and then Server Rights, and assign Export rights to the user. For information, see Server Rights. |
No error message. You cannot access the Workflow Designer without Export rights. |
Install an App from App Catalog |
To install an app from the App Catalog, you need Export rights. To set this in Management, go to the Workflow Server node, and then Server Rights, and assign Export rights to the user. For information, see Server Rights. You also need to be a member of the Package and Deployment role. To set this in Management, go to the Users node, and then Roles, and select Package and Deployment. Click Edit and add a user to the role |
30013 [username] is not a member of the Package and Deployment role and/or does not have Export rights on the Workflow server.
|
App Administration access |
To access the App Administration page you need to be added to the Administrators list by your system administrator. From the App page, select the Admin option in the Build section. Then select the Security area and add the user name to the Administrators List. For information, see Administer Apps. |
"You are not authorized to access this page"
|
Run Reports |
To run reports from Management or Workspace, you need View or View Participate rights. To set this in Management, go to the Workflow Server node, and then Workflows and then find and select the workflow. Click Rights and then assign View or View Participate rights to the user. For information on how to run reports, see Management - Reports and from Workspace, see Workspace - Reports.
|
|
Package and Deployment |
To package and deploy solutions you need Export rights. To set this in Management, go to the Workflow Server node, and then Server Rights, and assign Export rights to the user. For information, see Package and Deploy Considerations. |
"30008 '[Domain]\[username]' does not have export rights"
|
Package and Deployment |
To package and deploy solutions you need to be a member of the Package and Deployment role. To set this in Management, go to the Users node, and then Roles, and select Package and Deployment. Click Edit and add a user to the role. For information, see Authorization Framework Overview. For more information on Package and Deployment permissions, see the Package and Deploy Considerations topic. |
"30011 [username] is not a member of the Package and Deployment role and cannot create or deploy packages"
|
Package and Deployment |
To package and deploy Solutions you need View right to all objects. The Package and Deployment role grants its members global view rights, however, membership in this role does not override any Deny rights. If you have View rights denied to any item in the category system, you are prompted to update permissions to View the item or items. To set this in Management, go to Categories and select the object. In the Security section, add the user and set View rights to Allow. This ensures that when dependencies are checked, Package and Deployment knows whether items exist (and need to be updated) or do not exist (need to be created). For information, see the Objects section in the Authorization Framework Overview topic. |
"Insufficient rights detected. Unable to Continue"
|
Grant rights |
To grant rights you need to be a member of the Security Administrators role. To set this in Management, go to the Users node, and then Roles, and select Security Administrators. Click Edit and add a user to the role. If you are a member of the security administrator role you can grant rights to any object in the system and you have security rights to individual objects. This means you can edit security for those objects. When you create an object in the system you are automatically granted security rights to that object so that you can administrate it without needing a security admin to help you. For information, see the Roles section in the Authorization Framework Overview topic. |
Users that are not members of the Security Administrators Role will not see the Security view in Management. The Security view only loads once they become members of the role. |
Modify and Delete Roles |
To modify and delete custom roles you need Modify and Delete rights. To set this in Management, go to the Users node, and then Roles, and select the role. Click the Security button and add a user to the role. Security Administrators have Security rights by default for all legacy and new custom roles (except system roles). Users that create their own roles are automatically granted Security rights on those roles. For information, see the Roles section in the Authorization Framework Overview topic. |
No error message shows. If you do not have security rights to a role, the Security button is disabled. If you decide to deny Modify and Delete rights to someone's role the following messages show:
|
Browse to and use Forms, Views and SmartObjects using the Category Tree in the Designer or Management |
To browse to objects using the category tree in the Designer or Management, you need View rights. To set this in Management, go to the Categories node and select the object. In the Security section add the user and set the View rights to Allow. For information, see the Objects section in the Authorization Framework Overview topic. |
No error message shows. The node does not appear in the Category Tree if you don't have View Rights |
Open and run forms at Runtime |
To open and run forms, you need Execute rights. To set this right, launch the Management Site, go to the Categories node and select the form. In the Security, section add the user or group and set the Execute rights to Allow.
For information, see the Objects section of in the Authorization Framework Overview topic. |
"Form [name] could not be found. Ensure that the Form exists, that it is checked in and that you are authorized to run the Form."
|
Interact with views, and run forms that contain those views at Runtime |
To open and run views (and forms that contain that view), you need Execute rights. To set this right, launch the Management Site, go to the Categories node and select the view. In the Security, section add the user or group and set the Execute rights to Allow.
For information, see the Objects section in the Authorization Framework Overview topic. |
|
Add, register and deploy the K2 for SharePoint App |
To add, register, and deploy the K2 for SharePoint App you need the following permissions:
|
No error message shows. You will not see any Administration Links for the K2 for SharePoint App on the App Catalog level.
|
Add a web part in SharePoint |
To add a web part in SharePoint you need the following permissions:
|
If you don't have permission, the Edit Permission level and the Add and Customize Pages shows with the following:
|
Create and deploy applications with the K2 for SharePoint App |
To create and deploy applications you need to configure the following: Permissions: Assign the Designer Edit rights in Management site > Designer. SharePoint Permissions:
|
"Uh oh... You are missing the required rights to be able to access this page. Error Details [User FQN] does not have Design Site permissions."
|
Permissions for using applications created with the K2 for SharePoint App. To Start and View a Workflow |
To Start and View a workflow you need to configure the following: In Management, go to the Workflow Server node, and then Workflow, and select the workflow. Select Rights and assign Start and View rights to the user. In SharePoint:
|
|
Sharing Applications with external users |
To share applications with external users you need to configure the following SharePoint permissions:
|
|
Permissions to administer K2 for SharePoint App |
To administer K2 for SharePoint app you need to configure the following: Permissions: Admin SharePoint Permissions: Global Admin |
No error message shows. |
Read data from Azure Active Directory |
The read data from Azure Active Directory, the Global Tenant administrator needs to grant Read permission when configuring the app. |
|
Write data to Azure Active Directory |
To write data to Azure Active Directory, the Global Tenant administrator needs to grant Write permission to the product for Azure Active Directory Management app. For information, see KB002052 - How to Reconsent to the K2 for Office 365 app for Minimum Azure Active Directory Permissions |