Nested groups: process rights not carried over
kbt136217
PRODUCTK2 blackpearl 4.6.11 to 4.7
BASED ONK2 blackpearl 4.7
This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.
LEGACY/ARCHIVED CONTENT
This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.
Issue
Certain users belonging in nested groups are not able to trigger Workflows, despite being granted start rights.Symptoms
Some users belonging in nested groups don't have their process rights carried over:
Example
"UserA" who is a member of "SubGroupA," is not able to start a process instance.
"SubGroupA" is a member of "MainGroup".
"MainGroup" has been granted with process start rights.
Troubleshooting Steps
- Enable the Resolve Nested Group property from either K2 Workspace or K2 Management.
On K2 Workspace:
On the K2 Management site:
- Restart the K2 Blackpearl service.
- Run the script to expire the group:
e.g.
UPDATE [K2].[Identity].[Identity]
SET [ExpireOn] = GETDATE(),
[Resolved] = 0,
[ContainerResolved] = 0,
[ContainersExpireOn] = GETDATE(),
[MembersResolved] = 0,
[MembersExpireOn] = GETDATE()
WHERE FQN = 'K2:DENALLIXMainGroup'
- Run the UMUser Get Group Users SmartObject method from the SmartObject Service Tester and provide the name of the AD Group and the security label.
