When upgrading your environment to K2 Five (5.2), if you have invalid role entries in the database, a SQL exception can occur. These invalid roles occur in upgraded environments, specifically upgrades from K2.NET 2003, to K2 blackpearl, and then to K2 Five. Three types of invalid roles are possible in this scenario:

  1. Enabled K2.NET 2003 roles with no members.
  2. Enabled K2.NET 2003 roles where members were added and an auto upgrade to K2 blackpearl roles occurred.
  3. Disabled roles created by assigning a role to a workflow using the K2 Management site.

In 2003, roles were associated with a provider label for the purposes of membership resolution. In K2 blackpearl, the role system was enhanced so that a provider label was no longer necessary. A migration path allowed the legacy roles to be available in K2 blackpearl. In K2 Five (5.2), these roles are copied to a new role table which is part of the authorization framework. If invalid roles exist after the legacy roles are copied, a SQL exception occurs and the roles are not copied over. This can lead to issues when using the roles in workflows, running instances, or maintaining roles using K2 Management.

To resolve the invalid roles in the database, log a support ticket. After the ticket is resolved you can upgrade to K2 5.2. The K2 Setup Manager checks for invalid roles in your environment at the start of the upgrade. If any exist, you are blocked from upgrading to K2 5.2 and the following message displays:

"Setup cannot continue because one or more invalid roles were found. Please contact K2 Support to resolve this issue. See Invalid Roles Detected during Setup for more information."


 You can run the script in KB002869 - Known Issue: Duplicate Named Roles before upgrading to check for invalid roles in the database.