Introduction

This topic has been updated and the latest version is available in the K2 Five User Guide How to section.

This article describes how to restrict access to the K2 Designer using Internet Information Services (IIS). Follow the steps below to set up authorization rules in IIS to give specific groups or users permissions to access the K2 Designer.

Implementation

The K2 Designer site in IIS can be restricted for use by specific groups or users. 

If your environment has K2 smartforms 1.0.2 or greater installed an additional step is required:

  • All application pool users need to be added
  • The K2 service account user needs to be added

Image

Multiple rules can be added specifying different roles. Permissions can be granted to specific groups and users. Only groups and users which have been granted access will be able to open the K2 smartforms Designer site.

See the examples below to allow users and groups access. Perform the following steps to apply these permissions:

  1. Navigate to Start > All Programs > Administrative Tools > Internet Information Services Manager
  2. In IIS Manager, locate the Designer site and double click the icon Authorization Rules

    Image

  3. Select the Allow All Users rule and click Edit on the right

    Image

    1. Select the option Specified users and type the user name.

      Image

    2. Click OK.

      Image

    The GroupSID is required to add a group. Install the AD module for Powershell and run get-ADGroup -Identity "Group_name" to get the GroupSID value. Alternatively, use this Powershell script without installing the AD module to get the GroupSID value.

    $objUser = New-Object System.Security.Principal.NTAccount("Domain name", "Group name") $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier]) $strSID.Value

    For example

    $objUser = New-Object System.Security.Principal.NTAccount("DENALLIX", "Domain Users") $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier]) $strSID.Value

    Image

    1. In IIS, select the option Specified roles or user groups then copy and paste the GroupSID from Powershell.

      Image

    2. Click OK.

      Image