Just need to confirm what the ALLOW option actually does when securing actions on client events and how it could be applied to securing actions when users belong to multiple K2 Roles.
In regards to securing an action, by default if no security is applied (i.e. NO ALLOW or DENY, it's all empty) then every user who has access to the client event will have access to the actions.
If we try to secure an action (for example ActionA) using the following configuration with K2 roles:
ActionA
- K2Role1 – Allow
- K2Role2 – Deny
If we run the workspace as a user who belongs to both roles (K2Role1 and K2Role2), the user does NOT have access to ActionA.
In summary:
We have an activity with a client event that has the destination users set to K2Role1 and K2Role2.
We have an action coming out of that activity called ActionA.
We have two users:
- UserA belonging to K2Role1
- UserB belonging to K2Role1 and K2Role2
- UserC belonging to K2Role2
We want to secure ActionA so it can ONLY be accessed by anyone in K2Role1.
So we thought we could ALLOW only the specific users and NOT explicitly deny users, but this does not seem to be the case. Can anyone else confirm this or did your head just explode?