When you run the K2 for SharePoint Registration Wizard after locking down your environment using the Authorization Framework, you may see the following error:

SmartObject Server Exception: [Service Acccount] does not have Create rights on the 'Public Folder' Category.. SmartObject: [Site]

Image

The error occurs because the K2 Service account, which is used during the registration process to create the SharePoint SmartObjects, does not have Create rights on the main Categories node. By default, the K2 Service account is a member of the Everyone role which contains the Create: Allow right on the Categories node. When you remove the Everyone role from the Categories node prior to running the Registration Wizard, the error occurs.

Resolution

To resolve this error, give the K2 Service account Create rights on the Categories node using K2 Management.

You must be a member of the K2 Administrators role to access K2 Management.

Follow these steps to give Create rights to the K2 Service account:

  1. Open K2 Management and click Categories.
  2. On the Security section, click Add.
    Image
  3. On the Add Users, Groups and Roles page, search for your K2 Service account, click Add and then OK.
    Image
  4. Select Allow in the Create right.
    Image
  5. Rerun the Registration Wizard and the error no longer occurs.