ACL overriding user criteria for knowledge base

Utkarsha
Tera Contributor

Hello All,

I have been working on this user criteria defined for some type of policies...but 😕 it's not working anymore.

I figured out there is an acl defined on kb_knowledge table granting access for admin users...I kinda wanted to restrict this access.

I checked by deactivating that acl, it worked along with the user criteria...My concern is that I can't deactivate that acl completely as other users with admin need to have read access on policies. I am using below user criteria 

I want users with the Global Security domain, as well as policy owners, approvers, reviewers and owning group members, to be able to see KB articles belonging to the Global Security domain.

Could anyone please suggest me what is the best way to restrict access here only for kb articles belonging to domain global security 

Any sort of help here is highly appreciated 🙂 

Thank you

User criteria for global security domain policies 
 
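 // User criteria script for Global Security policy articles.
 // `user_id` is not defined in this script and `answer` is assigned at the end; both are
 // expected to be supplied and read by the user criteria evaluation.
 //
 // NOTE(review): no article is passed in, so this produces one yes/no answer per user:
 // true if the user is an approver, reviewer or owner on ANY Global Security policy
 // article, or belongs to a group that owns one. It does not filter individual
 // articles, and it does not change what the kb_knowledge ACL described in the post
 // grants to admin users; that has to be handled on the ACL or knowledge base side.

 gs.info("Evaluating user criteria for user ID: " + user_id);

 var result = (function(user_id) {
     var DOMAIN = 'Global Security';

     // Policy fields that may reference the user directly
     var fields = ['u_policy.approvers', 'u_policy.reviewers', 'u_policy.owner'];

     // True as soon as one field references the user on a Global Security article
     var isUser = fields.some(function(field) {
         var articleGR = new GlideRecord('kb_knowledge');
         articleGR.addQuery('u_policy.u_domain', DOMAIN);
         articleGR.addQuery(field, 'CONTAINS', user_id);
         articleGR.setLimit(1); // existence check only
         articleGR.query();

         if (articleGR.hasNext()) {
             gs.info("User found in field: " + field);
             return true; // stops .some() on the first match
         }
         return false;
     });

     if (isUser) {
         return true;
     }

     // Resolve group membership from user_id rather than from the session user.
     // gs.isMemberOf() and a DYNAMIC "my groups" style filter are evaluated for whoever
     // is logged in, which can differ from the user the criteria is being checked for.
     // NOTE(review): only direct rows in sys_user_grmember are considered; confirm
     // whether membership inherited from parent groups also needs to count.
     var groupIds = [];
     var memberGR = new GlideRecord('sys_user_grmember');
     memberGR.addQuery('user', user_id);
     memberGR.query();
     while (memberGR.next()) {
         groupIds.push(memberGR.getValue('group'));
     }

     if (groupIds.length > 0) {
         // Existence check: does any of the user's groups own a Global Security policy article?
         // hasNext() is sufficient here because no field is read from the record.
         var ownedGR = new GlideRecord('kb_knowledge');
         ownedGR.addQuery('u_policy.u_domain', DOMAIN);
         ownedGR.addQuery('u_policy.owning_group', 'IN', groupIds.join(','));
         ownedGR.setLimit(1);
         ownedGR.query();

         if (ownedGR.hasNext()) {
             gs.info("User is a member of a valid policy-owning group.");
             return true;
         }
     }

     // Neither a direct reference nor an owning-group membership was found
     gs.info("User not found in specified fields or valid groups.");
     return false;
 })(user_id);

 // Log the final result and hand it back to the user criteria evaluation
 gs.info("Does the user meet the criteria? Result: " + result);
 answer = result;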

Kieran Anson
Kilo Patron

Responded to this on SNDevs.com but updating here too in case someone sees this in the future.

 

This can be achieved via a scoped knowledge base 

 

https://www.servicenow.com/docs/bundle/xanadu-servicenow-platform/page/product/knowledge-management/...