Issue with Knowledge Blocks Access Control - Need Help Overcoming "Can Contribute" Rule

Hi everyone,

I'm encountering a critical issue with the functionality of Knowledge Blocks due to the rules governing their access. Here’s my situation:

1. I have a knowledge base (KB001) where the "Can contribute" section/tab is assigned to an assignment group named GlobalGrp.
2. Knowledge Blocks have been enabled in KB001.
3. I created a Knowledge Block (KB1) with the "CAN READ" section mapped to an assignment group (SubGrp1) and left the "CANNOT READ" section empty. KB1 is published.
4. I created a knowledge article (KA1) and added KB1 to it. KA1 is saved and published.

According to my understanding, only users in the SubGrp1 group should see the contents of KB1 in KA1. Other users should not see KB1’s contents.

However, when I tested:

• User 1, belonging to SubGrp1, can see KB1’s content in KA1.
• User 2, not in SubGrp1, can also see KB1’s content in KA1.

Upon reviewing the ServiceNow documentation ( https://docs.servicenow.com/bundle/washingtondc-servicenow-platform/page/product/knowledge-managemen...

I found these rules:

• Rule 1: Users meeting any "Can Contribute" criteria at the knowledge base level can read all Knowledge Block content, regardless of "Can read" or "Cannot read" settings at the block level.
• Rule 2: Users meeting any "Cannot read" criteria at the block level cannot read the block content, regardless of "Can read" settings.

In my case, since SubGrp1 is part of GlobalGrp mapped in the "Can contribute" section of the knowledge base, all users can see KB1’s content in KA1, regardless of its specific permissions.

This issue prevents us from effectively using the "Can read" and "Cannot read" conditions of Knowledge Blocks. Has anyone encountered this problem before? How can we overcome this issue or possibly override Rule 1?

Your guidance and suggestions would be greatly appreciated. Thank you!

Please let me know if there are any questions