I have a K2 process with aspx webform as user interface. After a user starts a new process, it goes to activity A for approval. Then if approved, goes to activity B for approval.
In activity A, there are 2 destination users. Only 1 of them needs to approve for the process to continue. There is ONLY 1 slot created in this activity.
In activity B, there can be any number of destination users to be determined at runtime. All of them needs to approve for the process to continue. There is a slot created for each user in this activity.
The problem is, I realise anyone can open the worklist item of any destination users via the URL link in the email sent from K2. Is this normal? It is fine in activity A where only the destination user can access the link and open their worklist item.
Page 1 / 1
Hi,
The problem is, I realise anyone can open the worklist item of any destination users via the URL link in the email sent from K2. Is this normal? It is fine in activity A where only the destination user can access the link and open their worklist item.
This SHOULD NOT be the case - the URL link in the email should contain a different serial number for each user.
Even if you've only used one destination user's URL and send that to all the destination users, ONLY the one user should be able to open the item.
Regards,
Ockert
When you say anyone can open the worklist item, do you mean even people that are not a destination user?
If so, check the client event contained within Activity B. Specifically, right click on the event and select Properties. Within the dialog, select "Event Item". At the bottom of the list of checkboxes, there is an option for "Allow Any User to finish this client event".
Is this checked? If it is then the behavior you are experiencing is expected; try unchecking this, then export and try out some new process instances.
If so, check the client event contained within Activity B. Specifically, right click on the event and select Properties. Within the dialog, select "Event Item". At the bottom of the list of checkboxes, there is an option for "Allow Any User to finish this client event".
Is this checked? If it is then the behavior you are experiencing is expected; try unchecking this, then export and try out some new process instances.
thanks bob, it is as what you said; the 'allow any user to finish this client event' was checked.
Reply
View our Community Site Map
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.