Skip to main content

Symptoms

 


A user with "View Participate" rights who has participated in a workflow by actioning a task CANNOT see the “Activity Instances” information in the process overview report in K2 Workspace and in the Service Tester, executing the “Activity Instance” SmartObject (Workflow Reports > Workflow General > Activity Instance).
However, if the same user executes the Event Instance SmartObject (Workflow Reports > Workflow General > Event Instance) he is able to see the data for the workflow issuance.
 

 

 

Diagnoses

 

 


The concern here is that the “View Participate” rights are either not working properly or there is an underlying vulnerability which can be exploited via the Service Tester tool i.e. by executing the Event Instance SmartObject.
 

 

 

Resolution

This is not a security vulnerability but is a bug in the product with "View Participate" rights.  Ideally, any user with "View Participate" rights who has participated in a workflow by actioning a task SHOULD be able to see the “Activity Instances” information related to that task.

This known limitation may be addressed in a future release.

 

 

 

 

Be the first to reply!

Reply