IT:AD:K2:HowTo:Assign Server and Process Rights to a User

• (UP)

  • IT:AD:K2:HowTo:Create a Client Event
    • IT:AD:K2:Development:HowTos:Create a Client Event
  • IT:AD:K2:HowTo:Start A Workflow
    • IT:AD:K2:HowTo:Start a Workflow Process
  • Check that License is Still Valid
  • install_pulse_dev_environment
  • install__in_pictures_
  • IT:AD:K2:Development:HowTos:Create and Edit Code Activities
  • IT:AD:K2:Development:HowTos:Create an IPC Event
  • IT:AD:K2:Development:HowTos:Create Emails
  • IT:AD:K2:Development:HowTos:Create Process Fields
  • IT:AD:K2:Development:HowTos:Create String Table Entries
  • IT:AD:K2:Development:HowTos:Rename Activities
  • IT:AD:K2:Development:HowTos:Use WCF
  • IT:AD:K2:Environment:Installation
  • IT:AD:K2:HowTo:Assign Server and Process Rights to a User
  • IT:AD:K2:HowTo:Change Target Server
  • IT:AD:K2:HowTo:Change Target Template
  • IT:AD:K2:HowTo:Check the K2 Service is running
  • IT:AD:K2:HowTo:Configuration Unknown
  • IT:AD:K2:HowTo:Create and Deploy a Project Package
  • IT:AD:K2:HowTo:Debug
  • IT:AD:K2:HowTo:Define Process Scoped Vars
  • IT:AD:K2:HowTo:Generate an Install License
  • IT:AD:K2:HowTo:Get Support
  • IT:AD:K2:HowTo:Get TechSupport
  • IT:AD:K2:HowTo:Install and configure the K2 Server Firewall
  • IT:AD:K2:HowTo:Move the Db to a different Server
  • IT:AD:K2:HowTo:Publish a Project
  • IT:AD:K2:HowTo:Redirect a Workflow to another User
  • IT:AD:K2:HowTo:Rename Events
  • IT:AD:K2:HowTo:Server
  • IT:AD:K2:HowTo:Set Process Rights after Deployment
  • IT:AD:K2:HowTo:Set up Environments
  • IT:AD:K2:HowTo:Setup Logging

The choices are:

• Admin: full administrative rights on the K2 server
  • eg: K2-Usr-Admin (server rights cannot yet be assigned to Groups).
• Export: only can export (deploy) to the K2 Server
  • eg: Grp-K2-Deployer (server rights cannot yet be assigned to Groups).
• Impersonate: has internal impersonation rights within the K2 workflow context, not to be confused with Kerberos impersonation.

  • Only assign this right for accounts that execute code requiring impersonation rights within K2.
  • Use of Kerberos impersonation over K2 impersonation is prefered:
    • it is more secure,
    • more scalable and
    • K2 does not act as an authentication mechanism

  #### Process Rights ####

It is best practice to assign Process rights to Groups, not Individuals.

Process rights are:

• Admin
• Start
  • Assign to Svc-K2-WS-xxxx
  • Assign to Svc-K2-AP-xxxx
  • Assign to Grp-K2-Admins
  • It may be necessary to assign to individual users – but try avoiding this.
• View
• View Part
• Server Event
  • Assign to Svc-K2-AP-xxxx