Start permissions to AD "Groups" not working


Badge +1

I've assigned "Start" & "View" permissions to security groups from AD but that does not work for any user within that group.

However, it works only when the individual user account is given the relevant permissions. But that is a temporary workaround, since adding individual users from AD is an administrative overhead.

Any ideas?


31 replies

Badge +4
I assign all my user permissions by granting permissions to a group the users are members of. The only problem I've had so far is that groups within groups do not appear to be supported. Pity, that's how role-based security is supposed to be set up.
Badge +5
For me, I've assigned "start, view, view participate and server event" permissions to a group. All is well, BUT the start permissions aren't picked up for a group, so I have to add everybody individually. Is this a known bug? How can we ensure the Start group permissions work properly?
Badge +9
Is this a Built-In AD group or a custom security group created in AD?
Badge +5
It's not in the Builtin group (not like guests, admins etc); we've created a custom one that fits under MyBusiness group. Please let me know if you'd like me to provide more details, and I'll get one of the IT guys to respond.
Badge +9
Version of K2.net?
Badge +5
SP2a
Badge +9
One last question, is the type of group: Security Group or Distribution list?
Badge +5
Global Security group
Badge +2
Hi there

K2.net Server can actually resolve nested groups, although this is not activated by default as it may cause some performance issues in a complex AD structure. You can however enable Nested Groups resolution by using K2 Service Manager, going to the Properties Page for the K2.net Server and selecting the User Manager Tab. In the Data Section specify the string: "ResolveNestedGroups=True" as shown in the attached file. Click on OK and restart the K2.net Server. This should solve your problem regarding the Nested groups.

When you have a group which does not seem to resolve in the expected way you can have a look at the AdumError.txt file in the Program Files\K2.net 2003\Bin folder to see if any errors were logged. If so, there might be a lot of reasons for the resolution failing, one being that the LDAP string in the K2Server.Config file might be incorrect. There are a lot of Forum postings around the setup of the LDAP strings, please do a search for more info.

Cheers

C.
Badge +5
Nested Groups resolution doesn't seem to achieve (and thankfully break) anything.

Checking the AdumError.txt file, the errors are for the most part about the anonymous logon, which occurs when somebody attempts to open an InfoPath form using the Run As... in IE.
13-09-05 11:38:07 NameToDN
Could not Resolve the NameToDN because the SamAccountName could not be resolved
at ADUM.Translate.NameToDN(String name)
Additional Information
NameToDN(Name: NT AUTHORITY\ANONYMOUS LOGON)

K2 Server is configured as suggested in the posts...

This is not an issue when only a couple of people can start the process, but will be much more of an issue when 50 or so can start it. I guess, maybe this would be the right time to get one of the IT guys to start a formal request for support...
Badge +11
It does not look like your problem is w.r.t. Nested Groups. It looks like it is an authentication/delegation issue because the Anonymous user should not start the process, the logged-on user should start the process.

I agree, this would be a good time to open a formal support request as it can be caused by a variety of different setup and environmental settings.

Regards,
Ockert
Badge +3
I have similar problem on my development machines :(
Any feedback from the K2?
Badge +11
Version of K2.net?
Any errors in ADUMerror.txt?
Security Group or Distribution List?

Regards,
Ockert
Badge +3
Ockert wrote:
Version of K2.net?
Any errors in ADUMerror.txt?
Security Group or Distribution List?

We are using SP2a.
I am not sure about where to find this file - ADUMerror.txt
We are adding Domain Users group, which is a Security group.

Thanks.
Badge +11
Have a look in '......K2.net 2003\Bin' for the ADUMerror.txt file. Default installation: 'C:\Program Files\K2.net 2003\Bin'.

Do you get the same problem with ALL Security Groups OR only 'Domain Users'? Try to create a different group and see whether the Start permissions apply to the users contained within.

Regards,
Ockert
Badge +3
The ADUMerror.txt said:
5:49 PM 10/18/2005
18-10-05 05:35:08 GetUser
DirectorySearcher returned no results
at ADUM.K2UserManager.GetUser(String Name)
Additional Information
GetUser(K2MEGA\K2MEGASRV$)

I have tried creating a different group with users but still do not have the permission to start the process....
Badge +11
I assume you're using the K2.net training VPC.

Can you please post a screenshot of the Logon ID of the K2.net Server Service?

Thank you,
Ockert
Badge +9
Start the K2.net Server service with a valid domain account; currently it is making use of Local System, which can cause the issues experienced. Please test and come back to me with the results.
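Added example, not part of the original thread or of K2's own tooling: a small Python triage of ADUMerror.txt that reads the identity each failed lookup was made for and maps it to the two causes raised above (an anonymous caller pointing at delegation, a computer account pointing at Local System). The entry layout is assumed from the two entries posted in this thread; the third entry (CONTOSO\jsmith) and the function names are constructed for illustration.

```python
import re

# Sample modelled on the entries quoted in this thread; the last entry is constructed.
SAMPLE_LOG = r"""13-09-05 11:38:07 NameToDN
Could not Resolve the NameToDN because the SamAccountName could not be resolved
at ADUM.Translate.NameToDN(String name)
Additional Information
NameToDN(Name: NT AUTHORITY\ANONYMOUS LOGON)
18-10-05 05:35:08 GetUser
DirectorySearcher returned no results
at ADUM.K2UserManager.GetUser(String Name)
Additional Information
GetUser(K2MEGA\K2MEGASRV$)
19-10-05 09:12:44 GetUser
DirectorySearcher returned no results
at ADUM.K2UserManager.GetUser(String Name)
Additional Information
GetUser(CONTOSO\jsmith)
"""

HEADER = re.compile(r"^(\d{2}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+)$")
# Closing line of an entry (assumed layout): Method(ACCOUNT) or Method(Name: ACCOUNT)
ACCOUNT = re.compile(r"^\w+\((?:Name: )?(.+)\)$")

def classify(account):
    """Map the identity ADUM failed to resolve to the likely configuration fault."""
    name = account.rsplit("\\", 1)[-1]
    if name.upper() == "ANONYMOUS LOGON":
        return "anonymous caller: user identity was not delegated to the K2.net Server"
    if name.endswith("$"):
        return "computer account: caller or service is running as Local System"
    return "named account: check group membership and the LDAP string"

def triage(text):
    """Return (timestamp, method, account, finding) for each log entry."""
    entries, current = [], None
    for line in map(str.strip, text.splitlines()):
        head = HEADER.match(line)
        if head:
            current = (head.group(1), head.group(2))
            continue
        acct = ACCOUNT.match(line)
        if current and acct and line.startswith(current[1] + "("):
            entries.append((*current, acct.group(1), classify(acct.group(1))))
            current = None
    return entries

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(" | ".join(entry))
```
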
Badge +3
Ockert wrote:
I assume you're using the K2.net training VPC.
Can you please post a screenshot of the Logon ID of the K2.net Server Service?

Yes, we are using K2 Training VPC.

See below for the screen shot.

Thanks
Badge +3
Rénier wrote:
Start the K2.net Server service with a valid domain account; currently it is making use of Local System, which can cause the issues experienced. Please test and come back to me with the results.

We have set the K2.net Server server to log on as "administrator", but we still get the same error.
:(
Badge +3
Ockert wrote:
Can you please post a screenshot of the Logon ID of the K2.net Server Service?


Are you referring to here? I have set it to use administrator account too. But it still does not work.
Badge +3
Just went to check out the K2 database, and noticed that in "_ProcInst" table, all process instances' originator is under the administrator.
Is it correct?

Thanks.
Badge +9
Hi,

Looking at the last couple of posts I have the following concern: Based on the K2.net Server Startup account I can see that you are working on the Training VPC, however the screen cap of the database table makes me believe that you are working on the Eccentrix VPC.

The first thing that we need to do is to figure out what VPC you are working on and make sure that the startup account is the correct account.
Badge +3
Sorry for the confusion..

You are right. We are working on 2 VPCs: Training VPC and Eccentrix VPC.


The Training VPC has Start process permission problem, while the Eccentrix VPC has error opening worklist item.
Badge +9
Is this discussion related to the Eccentrix VPC has error opening worklist item issue that you have?
http://forum.k2workflow.com/viewtopic.php?p=2212#2212
