- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2024 04:27 AM
On Knowledge Article Edit access shouldn't only be the Assigned Ownership Group, it should be for all Ownership Groups. But OOB functionality is working as Member of one Ownership Group switches to another, if he/she is not part of that group is unable to edit an article.
We have tried ACL, now user can able to edit but Checkout button is still not visible. Is there any better approach without customizing OOB Script Include on 'Checkout' UI action condition?
Attaching the ACL script below:
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2024 09:08 AM
In order to show the UI Action, you'll need to override the behaviour of the KBVersioning.canCheckout function. Safest way to do this is by adding an overriding function in KBVersioning script include:
var KBVersioning = Class.create();
KBVersioning.prototype = Object.extendsObject(KBVersioningSNC, {
/**
* Checks whether checkeout can be done by this user, from this record
* First checks the results of the OOB canCheckout function
* Then an additional check for ownership group alignment
*
* @Param GlideRecord: current
* @return Boolean
**/
canCheckout: function(kbRecordGR) {
var canCheckoutSNC = KBVersioningSNC.prototype.canCheckout.call(this, kbRecordGR);
//Truthy, no further check required
if (canCheckoutSNC == true)
return true;
return this.isMemberOfAnyOwnershipGroup();
},
canWrite: function(kbRecordGR) {
var canWriteSNC = KBVersioningSNC.prototype.canWrite.call(this, kbRecordGR);
if (canWriteSNC == true)
return true;
// Only latest version can be modified by anyone.
// We're technically running this twice :(
if (!this.isLatestVersion(current))
return false;
switch (current.getValue('workflow_state')) {
case 'draft':
case 'review':
case 'pending_retirement':
case 'published':
return this.isMemberOfAnyOwnershipGroup();
default:
return false;
}
},
isMemberOfAnyOwnershipGroup: function() {
var currentUser = gs.getUser();
var currentUserGroups = currentUser.getMyGroups();
var KNOWLEDGE_TYPE_GROUP = '458de4f067671300dbfdbb2d07415ad6';
var groupsGR = new GlideRecord('sys_user_group');
groupsGR.addQuery('type', 'CONTAINS', KNOWLEDGE_TYPE_GROUP);
groupsGR.addQuery('sys_id', 'IN', j2js(currentUserGroups));
groupsGR.setLimit(1); //We only want to check if a record is present;
groupsGR.query();
return groupsGR.hasNext(); //Will be true if a record is found
},
type: 'KBVersioning'
});

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2024 08:46 AM
Hi,
By allowing all ownership groups to have access feels like defeating the purpose of ownership groups. When you say all owernership groups, is that any user whos a member of a group with the knowledge type; any user with the knowledge role; or only user's who's a member of a group with the knowledge type where the group is aligned to atleast one article in the same knowledge base?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2024 07:56 AM - edited 05-14-2024 07:59 AM
As I mentioned any User whos a Member of one Ownership Group switches to another, even a user(with knowledge role) is not part of that group is able to edit/checkout an article..

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2024 09:08 AM
In order to show the UI Action, you'll need to override the behaviour of the KBVersioning.canCheckout function. Safest way to do this is by adding an overriding function in KBVersioning script include:
var KBVersioning = Class.create();
KBVersioning.prototype = Object.extendsObject(KBVersioningSNC, {
/**
* Checks whether checkeout can be done by this user, from this record
* First checks the results of the OOB canCheckout function
* Then an additional check for ownership group alignment
*
* @Param GlideRecord: current
* @return Boolean
**/
canCheckout: function(kbRecordGR) {
var canCheckoutSNC = KBVersioningSNC.prototype.canCheckout.call(this, kbRecordGR);
//Truthy, no further check required
if (canCheckoutSNC == true)
return true;
return this.isMemberOfAnyOwnershipGroup();
},
canWrite: function(kbRecordGR) {
var canWriteSNC = KBVersioningSNC.prototype.canWrite.call(this, kbRecordGR);
if (canWriteSNC == true)
return true;
// Only latest version can be modified by anyone.
// We're technically running this twice :(
if (!this.isLatestVersion(current))
return false;
switch (current.getValue('workflow_state')) {
case 'draft':
case 'review':
case 'pending_retirement':
case 'published':
return this.isMemberOfAnyOwnershipGroup();
default:
return false;
}
},
isMemberOfAnyOwnershipGroup: function() {
var currentUser = gs.getUser();
var currentUserGroups = currentUser.getMyGroups();
var KNOWLEDGE_TYPE_GROUP = '458de4f067671300dbfdbb2d07415ad6';
var groupsGR = new GlideRecord('sys_user_group');
groupsGR.addQuery('type', 'CONTAINS', KNOWLEDGE_TYPE_GROUP);
groupsGR.addQuery('sys_id', 'IN', j2js(currentUserGroups));
groupsGR.setLimit(1); //We only want to check if a record is present;
groupsGR.query();
return groupsGR.hasNext(); //Will be true if a record is found
},
type: 'KBVersioning'
});