When upgrading your environment to K2 Five (5.2/5.3), if you have invalid role entries in the database, a SQL exception will occur. These invalid roles occur in upgraded environments, mainly upgrades from K2.NET 2003, to K2 blackpearl, and then to K2 Five. Additionally, these types of invalid roles will cause an upgrade issue:
- Enabled K2.NET 2003 roles with no members.
- Enabled K2.NET 2003 roles where members were added and an auto upgrade to K2 blackpearl roles occurred.
- Disabled roles created by assigning a role to a workflow using the K2 Management site.
- Activity destinations do not resolve correctly, and roles goes into an error state with the following message: "An activity with a client event should at least have one destination".
In K2.net 2003, roles were associated with a provider label for the purposes of membership resolution. In K2 blackpearl, the role system was enhanced so that a provider label was no longer necessary. A migration path allowed the legacy roles to be available in K2 blackpearl. In K2 Five (5.2/5.3), these roles are copied to a new role table which is part of the authorization framework. If invalid roles exist after the legacy roles are copied, a SQL exception occurs and the roles are not copied over. This can lead to issues when using the roles in workflows, running instances, or maintaining roles using K2 Management. The colon character (-) is a reserved character from K2 5.2 onwards. It is used in security labels and its use in role names will result in an invalid role name.
To resolve the invalid roles in the database, log a support ticket. After the ticket is resolved you can upgrade to K2 5.2. The K2 Setup Manager checks for invalid roles in your environment at the start of the upgrade. If any exist, you are blocked from upgrading to K2 5.2 and the following message displays:
"Setup cannot continue because one or more invalid roles were found. Please contact K2 Support to resolve this issue. See Invalid Roles Detected during Setup for more information."