Symptoms

A user with "View Participant" rights who has participated in a workflow by auctioning a task CANNOT see the ?Activity Instances? information in the process overview report in K2 Workspace.
Same thing in the Service Tester, if the user executes the ?Activity Instance? SmartObject( Workflow Reports -andgt Workflow General-andgt Activity Instance)
However, if the same user execute the Event Instance SmartObject( Workflow Reports -andgt Workflow General-andgt Event Instance) they are able to see the data for the workflow issuance.
 

Diagnoses

The concern now becomes that the ?View Participate? rights is either not working properly or it has an underlying vulnerability that can be exploited via the Service Tester tool i.e. by executing the Event Instance SmartObject.
 

Resolution

This not a security vulnerability but rather a bug in the product with "View Participate" rights.
Ideally, a user with "View Participant" rights who has participated in a workflow by auctioning a task SHOULD be able to see the ?Activity Instances? information related to that task.

We have logged this as a bug, and will be addressed in a future release.