Retrieve ServiceNow knowledge base permissons / ACLs

sky7 · ‎08-30-2018

Is there any method to get read, create, write, delete permissions on knowledge base? I can find the info through the UI related list but wonder if I can get them through REST API or examine the exact location of the table.

Brad Tilton · ‎08-30-2018

Those two records are user criteria records. You can use the table API to query the kb_uc_can_read_mtom table to find which user criteria records have access to the knowledge base in question (note these can also be related at the knolwedge article level). When you find which user criteria are associated with which KB you can query the user_criteria table and get this record:

In this case all users whose company is ACME North America can access an article in the knowledge base that doesn't also have user criteria associated with the article. Notice there are 7 different ways to define access in the user criteria record before clicking advanced and writing a script. I would not try to export and reconstruct the KB security model outside of SN due to the contextual nature and complexity.

View solution in original post

Brad Tilton · ‎08-30-2018

Are you looking for the permissions to view knowledge records and fields on the back end (think people writing articles and managing the knowledge base structure), or permissions to view articles on the front end?

For the former, ACLs would be the case and they can be accessed through the table api, but for the latter you should look into user criteria, which can be selected for knowledge articles and/or for knowledge bases.

If you're looking to extract who has access to which articles, that would be pretty difficult as user criteria is highly contextual and can be based on user roles, group membership, location, and company, as well as scripted.

sky7 · ‎08-30-2018

Thanks for the rely. Let's say in the picture. The knowledge base has two groups/roles who can read. Is there any way that I can get these info on the back end, e.g, where are they stored? I tried the relationship and related list table, but no luck so far. Even if I can meet the user criteria somehow, I still need to figure out the association between the knowledge base, permissions (Can read, can contribute, etc) and the groups/roles to which the permissions are granted. Any idea how to get that through the api?

Brad Tilton · ‎08-30-2018

Those two records are user criteria records. You can use the table API to query the kb_uc_can_read_mtom table to find which user criteria records have access to the knowledge base in question (note these can also be related at the knolwedge article level). When you find which user criteria are associated with which KB you can query the user_criteria table and get this record:

In this case all users whose company is ACME North America can access an article in the knowledge base that doesn't also have user criteria associated with the article. Notice there are 7 different ways to define access in the user criteria record before clicking advanced and writing a script. I would not try to export and reconstruct the KB security model outside of SN due to the contextual nature and complexity.

sky7 · ‎08-30-2018

Thanks so much Brad! That table name is exactly what I am looking for. A few more related questions I am stuck on.

How do you get the table name? Anything I am missing? Is there any documentation link that explains the table names and related fields in the http response?
If user criteria can be applied at knowledge article level, how can I achieve that? The doc/video says "In knowledge management v3, user access is controlled at the knowledge base level"
Is there any easier way to get which user can get access to the knowledge article / base rather than reconstructing the security model outside of SN?