Symptoms

1. When a SP site is configured for K2, it grants the SP groups members and owners Export permissions on the workflow server. Would K2 be aware of any webapp user application policy? For example, would K2 inherit permissions of a site collection admin that is not explicitly listed in either the members or owners group?

2. When a SP list/document library that has been enabled for K2 and deployed in production. Would the members and owners have rights to this? Would it mean that whoever is member and owner can potentially edit that SP list/document library that has been enabled for K2? What measures can be done to prevent this type of behavior?
 

Diagnoses

How To Request
 

Resolution

If a user is not a part of either the Site Members or the Site Owners groups, then they will not be given access automatically with the addition of SharePoint. You can place them in separate groups or you can give them explicit rights on the K2 server, but it will not automatically give them the permissions. As such, it does not check your application policy as far as I know.

As for rights after deployment, only those members with rights on the Production server will have any rights in regards to your artifacts when you deploy them. Which users have rights can be managed using the K2 blackpearl for SharePoint app on your SharePoint site. In the app, there is an option for Configure K2 Permissions. From this screen, you will be able to change which Site Collection Groups can act as Designers and Participants. More information is available here:

http://help.k2.com/onlinehelp/K2Appit/UserGuide/current/default.htm_Management_and_Administration/ManagingK24SPApplicationSettings.htm