Rights

The Process Rights section is used to set rights and security for individual processes, to determine who may administer, start or report on instances of that process.

You normally have to assign security rights for workflows designed in K2 Studio or K2 for Visual Studio the first time the workflow is deployed to a new environment. (K2 Designer for SharePoint and K2 Designer gathers permission settings from the user when the process is designed, but these permissions can be subsequently modified with the Process Rights screen.). Permissions for subsequent deployments of the process do not need to be set, unless you want to modify permissions for each deployment manually. By default, K2 grants the deploying user account Admin rights to the process.

Users do not require any particular permission to complete worklist items assigned to them. The fact that the task is assigned to the user implies that the user has permission to complete the task. Therefore, it is not necessary to give any permission to a user who may receive a task somewhere in the workflow and who does not need to start the workflow or report on the workflow.

K2 Security generally follows a permissive-optimistic approach. This means that the higher level of permission takes precedence, so if a user had both “Admin” and “Start” permission on a process through different groups, the Admin permission takes precedence and the user will be able to administer the workflow as well as start the workflow. Also, workflow permissions are not version-specific: any rights defined for a workflow will apply to all versions of that workflow.