User criteria not working as expected

si21 · ‎01-21-2025

Hi experts,

We have a Manager user criteria created using script for a KB.

When a manager searching this KB, sometimes they are able to access the article and some times they are unable to access.

Even when tested in user criteria diagnostics, some times it shows user has access and sometimes no access.

How to debug or fix this issue? below is the script

 var mgr = false;
 var mgr1 = false;
 var grus = new GlideRecord('sys_user');
 grus.addEncodedQuery('active=true');
 grus.addQuery('manager', gs.getUserID());
 grus.query();
 if (grus.next()) {
     mgr = true;
 }
 var grus11 = new GlideRecord('sys_user');
 grus11.addEncodedQuery('active=true^u_hr_management_levelLIKEManager^ORu_hr_management_levelLIKEexec');
 grus11.addQuery('sys_id', gs.getUserID());
 grus11.query();
 if (grus11.next()) {
     // 			gs.addInfoMessage('inside if');
     mgr1 = true;
 }
 if (mgr == true || mgr1 == true) {
     answer = true;
 } else {
     answer = false;
 }

TIA

Ankur Bawiskar · ‎01-21-2025

@si21

always use user_id instead of gs.getUserID() in user criteria script

did you add logs and see?

Try to logout and login again to verify

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Ankur Bawiskar · ‎01-28-2025

@si21

Thank you for marking my response as helpful.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Dan O Connor · ‎01-21-2025

Is the user who has Manager or Exec always meant to have access to the KB?

Scripting it just seems unnecessarily complicated. Just make an ACL that grants users who have the role, to the Knowledgebase.

Also remember if you are restricting access to a particular Knowledgebase, map that out in the conditions.

Otherwise this ACL (and your script) is running against every user accessing every KB and super inefficient. Again maybe you have this managed in the rest of the ACL and only sharing the script.

But I'd suggest ditching the script since your making a custom ACL. You can do this simpler with Role condition and be easier to document and support longterm.