Permissions needed for common tasks
The table contains common tasks, permissions required to use them, and examples of error messages you'll see if you do not have the correct permissions.
Task | Permission | Error if I do not have rights |
Access K2 Management as an Administrator |
To access the K2 Management site you need Admin or Export rights. With Admin rights, you see all nodes within K2 Management. With Export (deploy) rights you see limited nodes within K2 Management To set this in K2 Management, go to the Workflow Server node, then select the Server Rights node and assign Admin or Export rights to the user. For more information on how to set permissions, see the Server Rights topic. |
Message: "You don't have sufficient permissions to access Management". |
Access K2 Management as a user |
To access K2 Management you need Admin or Export rights. With Admin rights you see all nodes within K2 Management. With Export rights, you see limited nodes within K2 Management To set this in K2 Management, go to the Workflow Server node, then select theServer Rights node and assign Admin or Export rights to the user. For more information on how to set permissions, see the Server Rights topic. |
Message: "You don't have sufficient permissions to access Management". |
Access K2 Workspace |
By default, all users see their Workspace and custom Workspaces. For more information on Workspace, see the K2 Workspace topic. |
No error message. |
Access K2 Designer |
To access K2 Designer you need View rights. To set this in K2 Management, go to the Designer node and assign View rights to the user. For more information on configuration, see the Designer topic. |
Message: "Uh oh… You are missing the required design right to be able to view this page".
|
Access K2 Workflow Designer |
To access K2 Workflow Designer you need Export rights. To set this in K2 Management, go to the Workflow node, and then Server Rights and assign Export (deploy) rights to the user. For more information on how to set the permission, see the Server Rights topic. |
Message: "Uh oh… You are missing the required design right to be able to view this page"
|
Install an App from App Catalog |
To install an app from the App Catalog, you need Export rights. To set this in K2 Management, go to the Workflow Server node, and then Server Rights, and assign Export rights to the user. For more information on how to set the permission, see the Server Rights topic. You also need to be a member of the Package and Deployment role. To set this in K2 Management, go to the Users node, and then Roles, and select Package and Deployment. Click Edit and add a user to the role |
Error: 30013 [username] is not a member of the Package and Deployment role and/or does not have Export rights on the Workflow server.
|
App Administration access |
To access the App Administration page you need to be added to the Administrators list by your system administrator. From the App page, select the Admin option in the Build section. Then select the Security area and add the user name to the Administrators List. For more information on administering your Apps, see the Administer Apps topic. |
Message: "You are not authorized to access this page"
|
Deploy, Edit and Save a Workflow |
To deploy, edit or save a workflow, you need Export rights. To set this in K2 Management, go to the Workflow Server node, and then Server Rights, and assign Export rights to the user. For more information on how to set the permission, see the Server Rights topic. |
No specific error message shows. Without Export rights you cannot access the K2 Workflow Designer. |
Run Reports |
To run reports from K2 Management or Workspace, you need View or View Participate rights. To set this in K2 Management, go to the Workflow Server node, and then Workflows and then find and select the workflow. Click Rights and then assign View or View Participate rights to the user. For more information on how to run reports from K2 Management, see the Reports topic. For more information on how to run reports from Workspace, see the Reports topic.
|
|
Package and Deployment |
To package and deploy K2 solutions you need Export rights. To set this in K2 Management, go to the Workflow Server node, and then Server Rights, and assign Export rights to the user. For more information on Package and Deployment permissions, see the Package and Deploy Considerations topic. |
Error: "30008 'K2:[Domain]\[username]' does not have export rights"
|
Package and Deployment |
To package and deploy K2 solutions you need to be a member of the Package and Deployment role. To set this in K2 Management, go to the Users node, and then Roles, and select Package and Deployment. Click Edit and add a user to the role. For more information Roles see the Authorization Framework Overview topic. For more information on Package and Deployment permissions, see the Package and Deploy Considerations topic. |
Error:"30011 [username] is not a member of the Package and Deployment role and cannot create or deploy packages"
|
Package and Deployment |
To package and deploy K2 Solutions you need View right to all K2 objects. The Package and Deployment role grants its members global view rights, however, membership in this role does not override any Deny rights. If you have View rights denied to any item in the category system, you are prompted to update permissions to View the item or items. To set this in K2 Management, go to Categories and select the K2 object. In the Security section, add the user and set View rights to Allow. This ensures that when dependencies are checked, Package and Deployment knows whether items exist (and need to be updated) or do not exist (need to be created). For more information on permissions on K2 objects, see the K2 Objects section in the Authorization Framework Overview topic. |
Error: "Deny rights detected. Unable to continue".
|
Grant rights |
To grant rights you need to be a member of the Security Administrators role. To set this in K2 Management, go to the Users node, and then Roles, and select Security Administrators. Click Edit and add a user to the role. For more information on roles, see the Roles section in the Authorization Framework Overview topic. |
Users that are not members of the Security Administrators Role will not see the Security view in K2 Management. The Security view only loads once they become members of the role. |
Modify and Delete Roles |
To modify and delete custom roles you need Modify and Delete rights. To set this in K2 Management, go to the Users node, and then Roles, and select the role. Click the Security button and add a user to the role. Security Administrators have Security rights by default for all legacy and new custom roles (except system roles). Users that create their own roles are automatically granted Security rights on those roles. For more information on roles, see the Roles section in the Authorization Framework Overview topic. |
No error message shows. If you do not have security rights to a role, the Security button is disabled. If you decide to deny Modify and Delete rights to someone's role the following messages show:
|
Browse to and use Forms, Views and SmartObjects using the Category Tree in K2 Designer or K2 Management |
To browse to K2 objects using the category tree in K2 Designer or K2 Management, you need View rights. To set this in K2 Management, go to the Categories node and select the K2 object. In the Security section add the user and set the View rights to Allow. For more information on permissions on K2 Objects, see the K2 Objects section in the Authorization Framework Overview topic. |
No error message shows. The node does not appear in the Category Tree if you don't have View Rights |
Interact with Forms and run Forms at Runtime. |
To interact with forms and run them, you need Execute rights. To set this in K2 Management, go to the Categories node and select the form. In the Security, section add the user and set the Execute rights to Allow. For more information on permissions on K2 Objects, see the K2 Objects section in the Authorization Framework Overview topic. |
Error: "Form [name] could not be found. Ensure that the Form exists, that it is checked in and that you are authorized to run the Form."
|
Add, register and deploy the K2 for SharePoint App |
To add, register and deploy the K2 for SharePoint App you need the following permissions:
|
No error message show. You will not see any Administration Links for the K2 for SharePoint App on the App Catalog level.
|
Add a K2 web part in SharePoint |
To add a K2 web part in SharePoint you need the following permissions:
|
If you don't have permission, the Edit Permission level and the Add and Customize Pages shows with the following:
For more information, refer to the SmartForm not displayed by Page Viewer Web Part Knowledge Base article (KB001408). |
Create and deploy applications with the K2 for SharePoint App |
To create and deploy applications you need to configure the following: K2 Permissions: Assign K2 Designer Edit rights in K2 Management site > Designer. SharePoint Permissions:
|
Error: "Access Denied. You need Solution Designer and K2 Designer permissions to design K2 artifacts."
|
Permissions required using applications created with the K2 for SharePoint App. To Start and View a Workflow |
To Start and View a workflow you need to configure the following: In K2 Management, go to the Workflow Server node, and then Workflow, and select the workflow. Select Rights and assign Start and View rights to the user. In SharePoint:
|
|
Sharing K2 Applications with external users |
To share K2 applications with external users you need to configure the following SharePoint permissions:
|
|
Permissions to administer K2 for SharePoint App |
To administer K2 for SharePoint app you need to configure the following: K2 Permissions: Admin SharePoint Permissions: Global Admin |
No error message show. You will only see the following on Site Collection level:
|
Read data from Azure Active Directory |
To read data from Azure Active Directory the K2 for AAD app is granted Read on configuration of the app by a Global Tenant administrator |
|
Write data to Azure Active Directory |
To write data to Azure Active Directory, the K2 for AAD Management app needs Write permissions granted on configuration of the app by a Global Tenant administrator |