IT:AD:K2:HowTo:Assign Server and Process Rights to a User
Assign Server Rights
The choices are:
Admin
: full administrative rights on the K2 server- eg:
K2-Usr-Admin
(server rights cannot yet be assigned to Groups).
Export
: only can export (deploy) to the K2 Server- eg:
Grp-K2-Deployer
(server rights cannot yet be assigned to Groups).
Impersonate
: has internal impersonation rights within the K2 workflow context, not to be confused with Kerberos impersonation.- Only assign this right for accounts that execute code requiring impersonation rights within K2.
- Use of Kerberos impersonation over K2 impersonation is prefered:
- it is more secure,
- more scalable and
- K2 does not act as an authentication mechanism
#### Process Rights ####
It is best practice to assign Process rights to Groups, not Individuals.
Process rights are:
- Admin
- Start
- Assign to
Svc-K2-WS-xxxx
- Assign to
Svc-K2-AP-xxxx
- Assign to
Grp-K2-Admins
- It may be necessary to assign to individual users – but try avoiding this.
- View
- View Part
- Server Event
- Assign to
Svc-K2-AP-xxxx