< class="prominent-subhead ">

30011 [username] is not a member of the Package and Deployment role and cannot create or deploy packages

This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.
This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.


When attempting to create a package, the following warning appears:


30011 [username] is not a member of the 'Package and Deployment' role and cannot create or deploy packages.


When attempting to create a package, the following warning appears:

30011 [username] is not a member of the 'Package and Deployment' role and cannot create or deploy packages.

This behavior is due to a new functionality introduced in the latest update; the Authorization Framework. This introduced the "Package and Deployment" role as per:

"Any person needing to package or deploy K2 solutions must be a member of this role."

Authorization Framework > 'Package and Deployment' role

When attempting to add self to 'Package and Deployment' role, it shows a warning message indicating:


AAD:[username] cannot perform Modify on Package and Deployment.

Even though this account is a Server Admin.

To add users to the 'Package and Deployment' role, the account will need to be a part of the 'Security Administrators' role.

However, looking at the 'Security Administrators' role, only the 'K2Service' account is a member. This is a K2 account and is not accessible in K2 Appit/K2 Cloud.


From the same documentation mentioned above:

"In a cloud environment, the Tenant Admin and K2 Service Account is added to the Security Administrators role when the registration wizard is run".

Troubleshooting Steps

Run the Registration Wizard as the tenant admin account, as this will grant the tenant admin account membership to the 'Security Administrators' role. This will allow this tenant admin account rights to grant other accounts membership to the 'Security Administrators' role and/or 'Package and Deployment'.

The Registration Wizard will usually reside within K2 App that is added to the Site Contents of the App Catalog site:




The tenant admin account (also known as Global Admin) is only applicable to K2 Appit/K2 Cloud, or K2 Hybrid (K2 Five on-prem connected to SharePoint Online).

The Tenant/Global Admin is a Office365 role that can be assigned to an Office 365 user:


* This account will usually be the account that was used to add and Trust the K2 App for SharePoint Online/Office 365.