Roles
The Roles node is used to create, edit, delete or save K2 roles. Roles are essentially “groups” defined in K2 and are most often used for assigning tasks. Sometimes it is not possible to define Groups in Active Directory or SharePoint for task allocation (perhaps the AD or SharePoint administrators are unwilling to define groups for other K2 requirements), or sometimes groups may contain users authenticated through different mechanisms. In these cases, K2 provides an alternative approach with Roles, which can contain one or more users and groups, from multiple user managers. As an administrator, you define roles using the K2 Management site and they are stored on your K2 server. You can modify roles over time to change who tasks are assigned to without needing to modify the design of workflows configured to use those roles. Roles can be used in workflows and forms to ensure the correct role membership can action tasks, workflows and forms. For more information, see the Recipients topic.
You can also apply Role Authorization to your roles using the security tab. Role Authorization allows you to assign rights to specific user and groups within the role. For more information see Authorization Overview.
Follow these steps to add Roles:
- Click New from the Roles view.
- The Add Role view opens.
Use the table below as a guideline for the configuration:
Field Name Description Name The name for the Role being created. Type a value in the field provided. Description Describe the Role being created. Type a value in the field provided. Refresh with Worklist When you add a new user to the role, the user receives existing worklist items assigned to the role when they log in or when the worklist refreshes. Select the check box if you want the K2 server to refresh worklist items based on the latest role membership.
If you don’t select the Refresh with Worklist option, any changes you make to the Role's membership only affects new worklist items.
This option only applies to User Task steps where you do not check the Resolve Groups to individuals check box. When you check this option, the role is resolved to individual users as if you assigned the task to those users instead of the role, which causes the step to essentially not use the role or its Refresh with Worklist option. By default, Refresh with Worklist is unchecked because it does result in additional load on the server. You should only use this option if you have dynamic roles (such as in a call center scenario where users are continually rolling into and out of the queue) and your workflow tasks are assigned to the role without resolving the role to individual users.Search Click the Search drop-down and select to search for users or groups. Label Click the Label drop-down and select the Security Provider label you want to search on. Type Click the Type drop-down and select the type of search that will be performed. Search Button Type a value in the text box provided and click Search. Add Button The matching users or groups will be returned in the first view. Select a user or group and click Add. The user or group will now be listed in the second view. You can add multiple users or groups by doing a new search and clicking the Add button again. Remove Button To remove Role Members, select the user or group from the second view and click Remove. The user or group will no longer be part of this Role. Include check box Each Role Member is set to be included in the Role by default. Select the check box to exclude the Role Member from the Role. OK Button Click OK to complete the configuration. This will take you back to the Roles view and the new Role will be listed. Cancel Button Click Cancel if you no longer want to complete the configuration. This will take you back to the Roles view. - Specify Role Security if required.
Follow these steps to edit a Role:
- Select the Role you want to edit.
- The Edit button becomes available. Click Edit.
- The Edit Role view opens.
- Edit the information as required. Use the table provided in the Roles section as a guideline.
- Click OK to save the changes.
Follow these steps to delete a Role:
- Select the Role you want to delete using the check box in front of the Role. You can select multiple Roles to delete.
- The Delete button becomes available. Click Delete.
- Click OK on the confirmation message.
This option is only applicable when changing the Refresh with Worklist option for the Role. Follow these steps to save changes to a Role:
- Change the behavior for the Role by clicking the Refresh with Worklist check box. Click Save.
Role Authorization allows you specify rights to users and groups within your custom role via the Security tab. These rights allow users or groups to modifyand delete and apply security to the membership of the custom role. For more information see the Authorization Overview topic.
Role Rights | Description |
---|---|
Modify | Allows you to modify the role. |
Delete | Allows you to delete the role. |
Security | As the creator of Roles you can assign Security rights to Roles, which allows others the manage the object's security, including assigning Modify, Delete and Security rights. |
Follow these steps to add role authorization to a Role:
- Select a custom role and click Security.
- On the Security page, add a user or group by clicking the Add button.
- On the Add Users, Groups, And Roles page search and add a user or group. Click OK.
- Specify the user or group's Modify, Delete and Security rights. Three options are available: Allow, Deny and None.
- Add more users and groups to the Security page if required. Click Close.
When specifying users and groups for role authorization, the Everyone role is added by default, providing all authenticated users in your organization, the ability to modify and delete the role membership. Best practice would be to remove the Everyone role from the role authorization (By clicking the Break Inheritance button, select everyone role and clicking the Trash Can icon) and add users and groups according to your organizations requirement.
Follow these steps to edit role authorization in a Role:
- Select a custom role and click Security.
- On the Security page, add a new user or group or edit existing rights.
- Click Close.
Follow these steps to remove authorization in the Role:
- Select a custom role and click Security.
- Select a required user or group and click Remove.
- Click Close.
Below is a list of considerations when working with roles.
- If you are a member of the Data Administrators role you have full access to all data, irrespective of the settings in SmartBox Data Access policies.
- There must always be at least one user in a role.
- A role can only contain users and groups.
- You cannot remove yourself from a role for security reasons, another user with sufficient rights on the role or an administrator can remove you from a role.