I’m currently reading splendid piece of writing entitled “K2 blackpearl Best Practices“, which despite being published very long time ago still not lost its relevance. Just wanted to note one of the points contained in this document:
Refrain from using K2 management APIs within process solutions as the use of these requires that the identity of the user executing the code has administration rights. In particular this includes the management APIs contained within the SourceCode.Workflow.Management, SourceCode.ManagementAPI, SourceCode.SmartObjects.Services.Management, and SourceCode.SmartObjects.Services.SmartBox.Management assemblies, but any assembly with ‘Management’ in the name typically requires permissions on the server that a typical user will not have. Occasionally use of these APIs is required but it should be kept to a minimum.
Just highlighting this as important point as I saw cases where K2 clients tried to use this and expected those things to work without Administrative rights. Just jotting this down along with primary source which mentions this caveat.