Hi,

We use the SharePoint "Site - Management - Group" SmartObject to verify if users are in this group when a form loads, and it works fine if I have added myself to the SharePoint group as a direct entry against my AD account "Julie Bird".

However, in our organisation we permission all of our SharePoint groups with a corresponding AD group that has been created for each role (makes permissioning maintenance-free when people move between roles a lot).

Therefore I would add the AD Role User ... i.e. "SP Coordinator" to the SharePoint group instead of myself directly (of which Julie Bird is a member).

However, I can't find a SmartObject method that will recognise me when I use the AD Role User; it will only recognise me if I add my 'Julie Bird' AD role.

Any help or suggestions? We really don't want to have to go back to adding individuals into all processes across SharePoint.

Thanks, Julie :-)

Hi,

Just to clarify, do you mean you are a member of the "SP Coordinator" group? And do you want to check if you are a member of the "SP Coordinator" group, or a member of your SharePoint group?

If the AD group "SP Coordinator" is added to the SharePoint group instead of your own AD user account, then obviously using the SharePoint SmartObject will only identify the AD group "SP Coordinator", and not your own account as a member. You will have to check if you are a member of the "SP Coordinator" AD group instead.

Hi.

We realised now why using the SP SmartObject wouldn't recognise an AD group, so we are now using the Active Directory 2 SmartObject and use the 'get users by group' method, and then on the config we put in the AD group name and then filter to say return only the logged-in user and then pass a value to a data label (any value).... Then we use a rule to check that if the data label has a value, we know the user is in the correct group.

HOWEVER.... (always a caveat). Whilst this works, it only does it at 1 level of AD group, therefore if I wanted to create an AD group, for example "Leave Approvers", and add 5 different AD organisational roles into this (i.e. "HR Manager", "HR Admin Assistants") then this will not work.

So the only way around it is to add an individual SmartObject action for every single organisational role that can approve leave, which is a problem if a new role would be added to the leave approvers group, because it would rely on the K2 developer to recode the SmartForm and have to redeploy the solution on live etc...

Is there a SmartObject method that would check if a user is a member of an AD group no matter how many levels (in our case 2 levels)? (i.e. "Leave Approver Group" - "SP Coordinator Group" - "Julie Bird user")

Thanks, Julie

Hi JulieBird,

I'm going to suggest the following steps:

1. Register a new Active Directory Service2 instance. The reason is that the default out-of-the-box service instance is used internally by K2, and any changes to it might get overwritten when upgrading/repairing the environment.

https://help.k2.com/onlinehelp/k2five/userguide/5.0/default.htm#ServiceBrokers/ActiveDirectory/Active_Directory.htm

2. Update the ResolveNestedGroups option to True. This should resolve the issue with nested groups.
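
The difference between a one-level and a nested membership check, as an added example that is not part of the original thread and not K2's own code. The directory contents, function names and the group DN used with the filter builder are constructed for illustration; the matching-rule OID is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN, which lets the directory server evaluate transitive membership itself.

```python
from collections import deque

# Constructed sample directory (not real data): group -> direct members.
# Names follow the thread's example; the HR Manager entry is a deliberate
# cycle to show why a nested walk needs a visited set.
DIRECTORY = {
    "Leave Approvers": ["SP Coordinator", "HR Manager"],
    "SP Coordinator": ["Julie Bird"],
    "HR Manager": ["Leave Approvers"],
}

def is_member(user, group, directory, resolve_nested=True):
    """Return True if user is in group; descends into nested groups when asked."""
    seen, queue = {group}, deque([group])
    while queue:
        current = queue.popleft()
        for member in directory.get(current, []):
            if member == user:
                return True
            # Only descend into members that are themselves groups, once each.
            if resolve_nested and member in directory and member not in seen:
                seen.add(member)
                queue.append(member)
    return False

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def nested_membership_filter(sam_account_name, group_dn):
    """Build an AD filter that matches the user only if they are a direct
    or nested member of group_dn (LDAP_MATCHING_RULE_IN_CHAIN)."""
    return "(&(objectClass=user)(sAMAccountName={})(memberOf:1.2.840.113556.1.4.1941:={}))".format(
        escape_filter_value(sam_account_name), escape_filter_value(group_dn))

if __name__ == "__main__":
    print(is_member("Julie Bird", "Leave Approvers", DIRECTORY, resolve_nested=False))
    print(is_member("Julie Bird", "Leave Approvers", DIRECTORY))
```

Because nested resolution grants access transitively, anyone who can edit an inner group such as "SP Coordinator" effectively controls who counts as a leave approver, so access reviews need to cover the inner groups too.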

Thanks Khanh, this sounds promising!

I'll have to get my farm admin to do this next week as I don't have server access, but I will get back to you then to let you know if it worked.

Julie :-)

