Management Service Smart Object permissions

  • 27 September 2019
  • 6 replies



So i have integrated the system User Role to one of my forms (accessible by everyone) that checks whether the logged in user is in a certain role and filters accordingly. I receive an "Access Denied" error message when a user loads the page.

The error message dissappears if the user is an Security Administrator.



- I believe its something on the K2 Management Service Instance

- All form and smart object security is set to allow

6 replies

Hi  @Cal_Muller;


With this phrase "The error message dissappears if the user is an Security Administrator(Access Denied)I could tell that some security rights required for that role(user) to perform that specified task.


You can create custom roles and assign security to people who should be allowed to manage the role. As the role creator, you automatically get Modify, Delete, and Security rights on the role. When you create a new role, the Everyone role automatically inherits modify and delete rights. as depicted in the follwoing image.



With the above said, could you please follow prompts from this formal doc to add custom roles including desired permissions to perform privileged tasks(


I hope it helps...




Hi Widson,


I dont think we are on the same page ; i might understand wrong or carried the problem over incorrect.

But the problem is not the security on the role (i have tested it though - the test user was allocated to all roles and i allowed everything on one of its roles and it still persisted).


So the problem exactly is i have 5 types of transactions shown in a view. Now, the view may only show a transaction to the user if they belong to the "First Transaction Role". This view execute the IsMemeberOfRole method five times and checks for each of these transactions whether the user belongs to them. Then the view is filtered by the outcome.


Now, User Role is a SO that communicates with the K2 Management service instance and i believe the permissions is set here. The user cannot access the management site so they cant execute the SO.


I want the user to be able to be restricted from the management site (or have limited access) but be allowed to execute User Role SO

@Widson please see above reply , thanks


Hi  @Cal_Muller;


Please update your environment according to information from this kb( and test again.


Others provide us with more visual content and erorred screenshots,version of your k2.




Hi  @Widson ,


i currently have K2 Five (5.2) May 2019 CU Fixpack 15 on my environment as well as my client's environment.

If im reading the Page your provided me with;  this is covered.


A thing i noticed is that i dont have this problem in my environment (we also have AAD) but i do have it in the client environment.

Please see below the error:


where the crossed out is a on prem FQN.

The view then doesnt populate.

Now the View executes the IsMemberOfRole method on the current logged in user and filters based on the results. It works for me and if i execute the method with my client's FQN then it also returns true which indicates that the list SHOULD be populated. Thus i think the list is not populated as the user could not execute these methods

Userlevel 1
Badge +6

I have the same issue, was this ever resolved?


It looks I am going to have to use the Get Role Users method from the UMUser SmartObject. Then set a filter for where FQN = Logged in user FQN.


Ideally, I was after a SmartObject whereby you enter a User Name and it returns all the Roles they are in, in a comma separated list.