My HR knowledge writers cannot view user_criteria by default.

Patrick Canary · ‎06-02-2022

We've only really had one or two people writing articles for our HR knowledge bases and they happen to have ITIL licenses in addition to all their sn_hr_core roles. Recently we've expanded this responsibility to other HR Agents and they've noted that they cannot view the user criteria in "Can Read" and "Cannot Read" (both these fields are visible on our form layouts).

I've looked into this and found that there is a Global scoped OOB ACL which grants READ access to the user_criteria table and it includes roles such as Knowledge and ITIL but does not include sn_hr_core.kb_writer.

There IS one Human Resources: Core scoped ACL on user_criteria for Read access but it only includes sn_hr_core.content_reader and sn_cd.content_manager roles.

I can easily add sn_hr_core.kb_writer to the aforementioned HR ACL (or create a new one so as to avoid skipped updates) but I'm wondering if this is an oversight on the part of ServiceNow or if what we are doing is outside of best practice.

Advice?

Tom O_Neill · ‎06-02-2022

It's possible that we thought the KB writer wouldn't be dealing with who can access the article. That's just speculation though...

Patrick Canary · ‎06-03-2022

So then am I correct that I need to add sn_hr_core.kb_writer to the HR ACL/create a new ACL to provide that access?

Tom O_Neill · ‎06-03-2022

That would be one way. You could also include the user criteria role as part of HR kb_writer role I suppose. I'd be curious what others have done as I'm reasonably certain we haven't changed this logic in the last several years. It would be surprising if no one else ran into this.

Susan Britt · ‎06-06-2022

I think it's odd/an oversight as well, and the same logic is still in place in San Diego. I have done it both ways for customers - add the HR role to the ACL and included the sn_hr_core.content_reader role to the group (or role) that can contribute to the HR KBs.