Skip to main content


 

Symptoms


When using SharePoint Content service instance with Static Credentials against SharePoint site collection on which K2 service account doesn't have any rights, following error message is being thrown when trying to execute Create List Item method of Tasks SmartObject:

Error occurred trying to Execute (SmoSPListItem) - System.Net.WebExcepition: The remote server returned an error: (401) Unauthorized.

It looks like despite static credentials with account which has full rights on targeted SharePoint site collection are specified, K2 service account (which doesn't have any access on this site collection) is still being used somehow. If K2 service account is added to site collection Members group this error doesn't occur.
 

Diagnoses


In aforementioned scenario Static authentication works as expected: the items are created using the speci-fied user configured in the static authentication details. The (401) Unauthorized error message is caused by the fact that for "Assigned To" field (People and Groups Field in SharePoint) verification that specified user exist in SharePoint is being performed using K2 service account, which calls to SharePoint and trying to re-solve user specified in "Assigned To" field into SharePoint ID.
 

Resolution

Site collection administrator rights are necessary for K2 service account for integration with SharePoint. Details about rights necessary for K2 service account can be found in the following section of K2 documentation:
http://help.k2.com/onlinehelp/K2blackpearl/ICG/4.6.8/webframe.html_Before_K2ServiceAccount.html
Please refer to section "SharePoint Server" which stipulates that K2 service account should have Site Collection Administrator permissions. To quote this documentation: “In order for the K2 Service to create sites, assign permissions, work with the SharePoint Workflow Integration features, and for the Identity Service to be able to resolve and cache SharePoint groups, the service account needs to be a Site Collection Administrator on all sites where K2 features are to be used.”

If it is necessary to use static credentials for SharePoint Content service instance other than K2 service account and do not grant any rights on targeted site collection for K2 service account you have to use SharePoint ID instead of user name for "Assigned To" field. To find out SharePoint user ID the "User Information List" SmartObject and its "Get List Items" method.




 
Be the first to reply!

Reply