Solved

Stopping rights to create smartobjects, forms, and workflows in SharePoint Online

  • 4 October 2019
  • 4 replies
  • 237 views

Any user in my SharePoint Online environment who has edit rights or greater can create smartobjects, forms, and workflows. In the old system I could control this by now allowing the user to have designer solution access but now that option has been removed. I have blocked users in the management from access desginer but they are still able to select the K2 dropdown in a sharepoint list or library and go to applications and select smartobjects, forms, and workflows. They are blocked from modifying those but are still able to create them. Anyone have information on how to restrict access to everyone except a select group of people in creating these items?

icon

Best answer by emilyc 5 October 2019, 00:27

Hi bhickok2,



 



By blocking from Management, do you mean removing Workflow Server/process rights? Have you tried adding category security on those SharePoint lists/libraries to block the users from accessing all K2 objects associated with that category? If not, you can add these in by drilling into the SharePoint list category in Management, and then adding explicit "View" rights for whatever users you would like to prevent from creating objects. You can also block them from K2 artifacts completely with "Deny" rights. For more on category authorization, please see the following documentation: https://help.k2.com/onlinehelp/k2cloud/userguide/update_9/default.htm#AuthorizationFramework/Authorization-Framework-Overview.htm#Default_Rights

View original

4 replies

Badge +2

Hi bhickok2,


 


By blocking from Management, do you mean removing Workflow Server/process rights? Have you tried adding category security on those SharePoint lists/libraries to block the users from accessing all K2 objects associated with that category? If not, you can add these in by drilling into the SharePoint list category in Management, and then adding explicit "View" rights for whatever users you would like to prevent from creating objects. You can also block them from K2 artifacts completely with "Deny" rights. For more on category authorization, please see the following documentation: https://help.k2.com/onlinehelp/k2cloud/userguide/update_9/default.htm#AuthorizationFramework/Authorization-Framework-Overview.htm#Default_Rights

Userlevel 3

Hi  @bhickok2 

 

Perhaps we need to do some configurations in ISS.
This doucumenthttps://help.k2.com/kb001309 labelled:
How to restrict access to the K2 smartactions Designer using internet information Services(IIS)
The document touches on :
1. The procedure
2. Accessing IIS Authorisation Rules
3. Adding Users
4. Adding groups
5. Internet Information Service 10

The document also updated 20*personal details removed* references on K2 Five, K2 blackpearl 4.7, K2 smartforms 4.7

There are a couple of links within the document that can be of great help to the issue at at hand

I hope this will soccours.

In K2 Cloud and Later versions of onprem you should be able to lock down with the following.

1) In K2 Management > Designer, Add only the K2 Admins with permissions to access designer, this will block all other users from accessing the K2 Designer and deisgning Views, Forms, SmartObject and Workflows cannot be done
https://help.k2.com/support-services/kbt169060
2) In K2 Management > Workflow Server > Process Rights. Ensure only the Admins has Admin and Export rights. If user has export via direct permission or via group it will still give them the ability to deploy SmartObjects and Workflows if accessed by another method outside of K2 Designer.

HTH
Vernon

Thanks for sending me in the right direction. I needed to deny access to everything in the categories except the view and execute options. This eliminated the hole.

Thanks,

Ben

Reply