What are Access levels in ServiceNow ?

RoliTripa · ‎08-30-2023

ServiceNow consist of Knowledge, Incidents, Service Catalog, Virtual Task Boards as part of their offering. Knowledge articles are organized inside Knowledge bases in ServiceNow. There are four ways to control user access to knowledge base or article in ServiceNow.

User criteria set for entire Knowledge base or a specific KB article.

Knowledge workflows

Domain separation

Access Control List rules

Can someone please explain these ways to control user access. Including examples is really helpful.

SwarnadeepNandy · ‎09-01-2023

@RoliTripa

NO, Access Control List (ACL) rules and Advanced user criteria script in ServiceNow are not the same. They are different ways of controlling access to data and functionality in the platform.

ACL rules are used to define the conditions that a user must meet to access a specific object and operation, such as a table, a field, or a UI action. ACL rules are evaluated at runtime and can use scripts or conditions to check the user’s role, group, or other attributes. For more details on how ACL rules work, see this article or this article.

Advanced user criteria script is a feature of Knowledge v3 that allows you to create custom logic to determine which users can access a knowledge base or a knowledge article. Advanced user criteria script is executed when a user tries to view or edit a knowledge base or a knowledge article, and can use Glide APIs to access the user’s information and the knowledge record’s information. For more details on how advanced user criteria script works, see this article.

Hope this helps.

Kind Regards,

Swarnadeep Nandy

View solution in original post

RoliTripa · ‎09-01-2023

Thanks @SwarnadeepNandy for explanation.

View solution in original post

SwarnadeepNandy · ‎08-30-2023

Hello @RoliTripa,

I can explain the four ways to control user access to knowledge base or article in ServiceNow. Here is a brief overview of each method:

User criteria: User criteria are records that define a set of conditions to determine the availability of catalog items, variables, variable sets, and order guides for different users. You can create user criteria based on various attributes, such as roles, groups, locations, departments, or custom fields. You can apply user criteria to a knowledge base or a specific knowledge article to control who can read or contribute to them. For example, you can create a user criteria that only allows users with the role of itil to access a knowledge base called IT Support. For more information, see User criteria.
Knowledge workflows: Knowledge workflows are workflows that automate the approval and publishing process of knowledge articles. You can create knowledge workflows using the Workflow Editor and assign them to a knowledge base or a specific knowledge article. You can define the workflow stages, transitions, conditions, and actions that control the lifecycle of a knowledge article. For example, you can create a knowledge workflow that requires a manager’s approval before publishing an article to a knowledge base called HR Policies. For more information, see Knowledge workflows.
Domain separation: Domain separation is a way of partitioning data into logical groupings called domains. You can use domain separation to isolate the data and processes of different business units, customers, or departments within a single ServiceNow instance. You can apply domain separation to a knowledge base or a specific knowledge article to control who can access them based on their domain. For example, you can create a domain for each region of your company and assign different knowledge bases to each domain. For more information, see Domain separation in Knowledge Management.
Access Control List rules: Access Control List (ACL) rules are rules that define the permissions for accessing tables, fields, records, or operations in ServiceNow. You can create ACL rules using the Access Control module or by writing scripts. You can apply ACL rules to a knowledge base or a specific knowledge article to control who can read, write, create, delete, or update them based on their roles or other conditions. For example, you can create an ACL rule that only allows users with the role of admin to delete articles from a knowledge base called Legal Documents. For more information, see Access Control List rules.

I hope this helps you to understand the ways to control user access.

Kind Regards,

Swarnadeep Nandy

Harish Bainsla · ‎08-30-2023

User Criteria Set for Knowledge Base or Article: This method involves defining specific user criteria, such as roles or groups, that determine who can access a knowledge base or article. Users who match the specified criteria will be granted access, while others will be denied.
Example: Let's say you have a knowledge base named "IT Support" that contains articles related to technical issues. You might create a user criteria set named "IT Support Team" and assign it to the "IT Support" knowledge base. This set includes the roles "IT Support Specialist" and "IT Support Manager." Users with these roles will be able to access the articles in the "IT Support" knowledge base.
Knowledge Workflows: Knowledge workflows define the approval process for knowledge articles before they are published. By controlling the workflow, you can restrict access to articles until they have gone through a specified review process.
Example: In a scenario where sensitive information needs to be reviewed before publication, you can create a workflow that requires approval from a "Compliance Officer" role. Until an article is approved by a user with this role, it remains inaccessible to others.
Domain Separation: Domain separation allows you to isolate data and processes within distinct domains, ensuring that users from one domain cannot access data from another domain. This is particularly useful in a multi-tenant environment.
Example: Consider a company with two subsidiaries, A Corp and B Corp. Each subsidiary operates in a separate domain within ServiceNow. You have a knowledge base called "HR Policies." By applying domain separation, you can ensure that only users from A Corp have access to the HR policies of A Corp, and users from B Corp can only access the HR policies of B Corp.
Access Control List (ACL) Rules: ACL rules are used to define fine-grained access controls based on conditions and roles. You can specify who can read, write, update, or delete records based on various criteria.
Example: Suppose you have a knowledge article containing confidential financial information. You can create an ACL rule that restricts access to this article to users with the "Finance Manager" role. This way, only authorized finance managers will be able to view the article's content.
please mark helpful and accept solution if you get answer

RoliTripa · ‎09-01-2023

@Harish Is Access Control List (ACL) Rules and Advance user criteria script are same?

SwarnadeepNandy · ‎09-01-2023

@RoliTripa

NO, Access Control List (ACL) rules and Advanced user criteria script in ServiceNow are not the same. They are different ways of controlling access to data and functionality in the platform.

ACL rules are used to define the conditions that a user must meet to access a specific object and operation, such as a table, a field, or a UI action. ACL rules are evaluated at runtime and can use scripts or conditions to check the user’s role, group, or other attributes. For more details on how ACL rules work, see this article or this article.

Advanced user criteria script is a feature of Knowledge v3 that allows you to create custom logic to determine which users can access a knowledge base or a knowledge article. Advanced user criteria script is executed when a user tries to view or edit a knowledge base or a knowledge article, and can use Glide APIs to access the user’s information and the knowledge record’s information. For more details on how advanced user criteria script works, see this article.

Hope this helps.

Kind Regards,

Swarnadeep Nandy