Symptoms
When an Active Directory group that contains nested groups is added to the Process Rights of a K2 process, not all users in that group are able to start or action the process (according to the permissions set).
Diagnosis
This appears to be a bug in K2, and a coldfix was issued.
Resolution
We made sure "Resolve Nested Groups" is enabled in K2 Management Console (under User Manager - K2 - Settings). We also applied a coldfix to the environment, specifically this one:
TFS _573549 - K2 ADUM Rollup for 4.6.11
After doing the above, it seems all users are able to start / action K2 workflows/processes correctly, even if an AD Group with nested groups is added to the Process Rights section.
Enabling "Resolve Nested Groups" in Management Console caused a considerable performance slowdown. We saw in the ADUM logs a lot of errors with references to "Foreign Principals", so we also enabled the "Ignore Foreign Principals" checkbox; this seemed to improve performance again. However, due to the substantial performance hit of resolving nested groups, performance won't be the same as before.
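To see how much nesting and how many foreign principals a group carries before adding it to Process Rights, the group can be audited on the AD side. This is an added example, not K2 code or part of the coldfix; the group name `K2-Process-Starters` and the function name `Get-NestedGroupReport` are placeholders, and it assumes the "Foreign Principals" in the ADUM logs correspond to AD `foreignSecurityPrincipal` objects.

```powershell
# Added example, not K2 code. Requires the ActiveDirectory module (RSAT).
# 'K2-Process-Starters' is a placeholder group name.
Import-Module ActiveDirectory

function Get-NestedGroupReport {
    param([Parameter(Mandatory)][string]$GroupName)

    $visited = [System.Collections.Generic.HashSet[string]]::new()
    $queue   = [System.Collections.Queue]::new()
    $root    = Get-ADGroup -Identity $GroupName
    $queue.Enqueue([pscustomobject]@{ DN = $root.DistinguishedName; Depth = 0 })

    while ($queue.Count -gt 0) {
        $item = $queue.Dequeue()
        # Expand each group once so circular nesting cannot loop forever.
        if (-not $visited.Add($item.DN)) { continue }

        $group = Get-ADGroup -Identity $item.DN -Properties member
        foreach ($memberDn in $group.member) {
            try {
                $obj   = Get-ADObject -Identity $memberDn -ErrorAction Stop
                $class = $obj.ObjectClass
                $name  = $obj.Name
            } catch {
                # Member could not be read from the queried domain; report it as-is.
                $class = 'unresolved'
                $name  = $memberDn
            }
            [pscustomobject]@{
                ParentGroup = $group.Name
                Depth       = $item.Depth + 1
                ObjectClass = $class
                Member      = $name
            }
            # Only groups that resolved locally are expanded further.
            if ($class -eq 'group') {
                $queue.Enqueue([pscustomobject]@{ DN = $memberDn; Depth = $item.Depth + 1 })
            }
        }
    }
}

$report = Get-NestedGroupReport -GroupName 'K2-Process-Starters'
# Users at Depth > 1 are reachable only through a nested group.
$report | Where-Object { $_.ObjectClass -eq 'user' -and $_.Depth -gt 1 } | Format-Table
# Count per object class; foreignSecurityPrincipal rows are members from trusted domains.
$report | Group-Object ObjectClass | Select-Object Name, Count
```

Users listed at depth greater than 1 are the ones whose rights depend on nested group resolution, and the `foreignSecurityPrincipal` count gives a rough idea of how many members fall under "Ignore Foreign Principals".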