How do you support a K2 process without being an Admin

  • 18 March 2015
  • 7 replies
  • 0 views

Badge +4

The only way, that I have found, for someone to see a process and know where it is in that process is to be set with a security level of Admin - is there another way?

 

I need to hand support over to my tier one guys so they can field questions for the users.  These would be support people that are not involved in the processes.  They only way I can find to let someone see all the processes is to make them Admin and that is not going to happen.

The business is against letting the end user see the processes they are involved in (like the security role will do) - they want it to come from the tier one support center.  Unless I can push back with, "it's the only way."

 

Any thoughts on how to solve this?

 


7 replies

Badge +7

Hi Jamie,

 

So are you just needing the support people to be able to see the View Flow (http://help.k2.com/onlinehelp/K2blackpearl/UserGuide/current/webframe.html#Reference_-_Workspace_-_Worklist_Actions_-_View_Flow.html) because you could just assign them rights for that. 

 

In [your server] > Workflow Server > Processes > [your process] > Process Rights 

you should be able to just select the View checkbox:

Allows the user to view any process instances of the process, enabling them to draw any report on the process in K2 Workspace, without being a participant in the process

 

The View Participate allows a participant, i.e. the user defined as the destination user for one of the process activities, to view the details of the process instance. The user will only be able to access process reports and the activity instance once it has reached the activity for which they are a destination user

 

See this document for some more details: http://help.k2.com/onlinehelp/K2blackpearl/UserGuide/current/webframe.html#PP-Process_Management_-_ProcessRights.html

 

Does that help at all?

Badge +4

huh - I tried that and my user wasn't able to see anything.  BUT - I did have them looking at SharePoint Process Portal.  Would this make a difference?

I'll do a test using the workspace.

Badge +13

Maybe it works differently with Sharepoint Process Portal?   (I haven't set this up.)

In the out of box K2Workspace it seems you need to have workflow admin rights to see the Worklists item (for redirect).

 

Ideally Workflow Admin configures what Process Admin can perform at a granular level.

-- Allows redirect

-- Allows use of Gotoactivity.

-- Allows Remove

-- Allows Remove from Log.

 

All these could be done with a custom web page using K2 API running under Workflow Admin ID.

Badge +4

I was able to verify that yes giving them View only rights allows them the see the process flows which is what I want.  Thank you! 

I don't need tier 1 taking actions on anything, yet, so that is not a concern at this time.

Follow up question - my user was able to access many more places in the workspace then I wanted.  They were able to see all the tabs (management, notification events, security, user settings) - any way to lock those down?

I don't mind them looking - but the test user was able to create and save a Role and that is not optimal.

Badge +7

Hi Jamie,

 

Glad to hear you got that figured out. As for the tabs I think this is what you're looking for...

 

We would usually suggest the following for the security/management link problem -
To get or remove the management or security links/menu options, you’ll need to contact a K2 admin to give you permissions for those. If you are the admin, here’s the documentation: http://help.k2.com/helppages/k2blackpearluserguide4.6.8/webframe.html#Secuirty%20Reqiurements.html

 

**Note** 

Management or security links/options do not show commonly because someone set security settings and all other accounts are implicitly denied access. Or in other words, if you assign a user, say Bob rights to have the "Notification Events" tab, it will assume everybody who isn't Bob should not have rights to the Notification Events tab. If you assigned Bob and Jenny rights to that tab, then they'd be the only ones who would get the Notification Events tab and nobody else would have it. I hope that makes sense.

Badge +4

Ah, yes.  It's coming back to me now!  I remember we had the issue of "I can't see this anymore".  Solution was to take out the permissions someone set.  Now that I need to denie someone I will need to define those roles.

Thank you for all your help!

Badge +4

I finally have time to set these permissions and I've run into an issue.

In the Workspace Menu Permissions area:

I add a user or group and I still have access as me (I'm in the group), but everyone else is out - can't see the tab. Even if I add thier name specifcally, they still can't see the tab.

BUT - we have a user that is a service account for the environment - adding this user DOES give them permission and removing them DOES hide the tab.

 

Any ideas?

Reply