This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice This article is not considered official documentation for K2 software and is provided "as is" with no warranties.

Issue

When trying to create a package on a production environment, the following error appears:

User does not have SmartObject publish rights

The user account does appear to be part of the package & deployment role, as well as the security admin role.

Symptoms

This validation error may be appearing due to users present within the SmartObject with publish rights. Note that only legacy Delete rights on the SmartObject Security node was deprecated in K2 Cloud Update 7, not Publish rights. Legacy SmartObject delete rights have been deprecated, this also applies to the authorization framework.

There is an additional consideration to take into account, as soon as any SmartObject publish permission have been set, only those users/groups can publish SmartObjects. Package & Deployment and Security Administrators role membership does not affect the legacy SmartObject publish rights.

The authorization model uses an optimistic approach. If no permissions are defined, any user can publish and delete SmartObjects. As soon as a permission is defined, only those users/groups can perform the specified operations and no other users will be able to publish SmartObjects.

More information on this can be found here: https://help.k2.com/onlinehelp/k2cloud/userguide/update_7/default.htm#K2-Management-Site/Integration/SmartObjectSecurity.htm

Troubleshooting Steps

If you do run into this issue please do log a support ticket (http://portal.k2.com/ticket/default) as our operations team will have clear out any users that may have Smart Object permissions already applied on the environment pre K2 Cloud Update 7.