Define User Criteria | Knowledge Management

gauravchoudhury · ‎09-14-2017

Folks,

There is a small doubt I have on which I need clarification. Any feedback would be helpful.

Most of us are aware of this User Criteria function in ServiceNow which gives us the ability to restrict data access to a group. We can create user criteria records that define conditions for user information. Then apply these criteria records to control access to these items and categories.

"Knowledge Administrators" (one with knowledge_admin role) can only create knowledge bases and manage the default knowledge base (i.e., which have been assigned to them).

My understanding states, only ServiceNow administrators can control access to content in the knowledge bases by creating and applying or defining user criteria records. We can create user criteria records that define conditions for user information. Then apply these criteria records to control access to these items and categories.

My question is... The following understanding that I stated above; is this correct ??

Can someone with a knowledge_admin role could also do the above (i.e., define a user criteria for knowledge bases) ?

If not, please enlighten me.

Raju Koyagura · ‎09-14-2017

"user_criteria_admin" can define User Criteria. Not the knowledge_admin. This "user_criteria_admin" role also included in "catalog_admin" so basically defining user criteria is allowed the users how has user_criteria_admin or catalog_admin or admin roles.

View solution in original post

Raju Koyagura · ‎09-14-2017

"user_criteria_admin" can define User Criteria. Not the knowledge_admin. This "user_criteria_admin" role also included in "catalog_admin" so basically defining user criteria is allowed the users how has user_criteria_admin or catalog_admin or admin roles.

gauravchoudhury · ‎09-14-2017

Thank you Raju!

Ujjawal Vishnoi · ‎09-14-2017

Right Gaurav, knowledge_admin do not provide ability to create user criteria.

Regards

Ujjawal

Dave Smith1 · ‎09-14-2017

Gaurav Choudhury wrote:

My understanding states, only ServiceNow administrators can control access to content in the knowledge bases by creating and applying or defining user criteria records. We can create user criteria records that define conditions for user information. Then apply these criteria records to control access to these items and categories.

That IS incorrect. There are three main roles and a number of different categories of user when it comes to managing KBs:

user_criteria_admin - role required to define user criteria
knowledge_admin - can create knowledge bases, assigns a KB owner to it. That owner gets knowledge_manager role.
knowledge_manager - can modify characteristics of their knowledgebase, including adding/removing knowledge managers (who get/lose knowledge_manager role). Only the KB owner can't be removed from this list.

In terms of Knowledge Managers modifying KB characteristics, the following can be specified:

Can Read - a whitelist of who has visibility to KB content, defined by User Criteria. Blank means unrestricted, i.e.: anyone.
Can Contribute - a whitelist of content authors for this KB. Blank means nobody, i.e.: only knowledge managers can add content. By default, contributors are also readers, so don't need to be added to both lists.

Generally, the admin role should be perceived as the rights to bestow additional privileges onto other users. It's rare to find an activity or procedure that can only be done by someone holding the admin role - there are a huge amount of other roles available in the platform - but in reality many organisations don't observe the Principle of Least Privilege and presume admin is needed, so overlook these other roles.