Symptoms
K2 Role Issue
Diagnoses
When you have a client event that sends a K2 task to users for approval. A K2 Role for the Destination Sets is used. However one of users within the K2 Role does not get the Task.
What is the cause of the of the one user not being able to get the user task ?
Resolution
Depending on the make up of the environments in question, this can occur if there are multiple domains configured here. If this is the case then you will have to have to go into workspace under user manager and do the following:
Make sure the "Unresolved nested groups" is unchecked
Make sure that "Ignore security principles"is checked.
After this you should see that the user gets the task here.
The purpose of this change was the following:
A ForeignSecurityPrincipal is required when expressing a relationship between groups in the local forest and security principals that exist across an external or cross-forest trust. The impact the setting may have will depend on the number of cross-domain membership the company may have.
So, if users from domain1 belongs to groups within domains 2, 3 and 4 (and vice versa) ? these memberships will not be resolved. It can potentially have a huge impact because in essence it means we either bind to 1 domain controller and resolve a user?s nested group membership on that domain vs binding to all 4 domains and recursively resolve nested group membership on each domain controller.