Restrict few Knowledge bases to 2 roles

Lucky1
Tera Guru

Hello all,

 

I have a requirement where 2 Knowledge bases (kb_knowledge_base) have to be restricted for both Knowledge manager and Knowledge admin. Apart from those 2 Knowledge bases, they should be able to see all others.
But I have created a group, where those 2 knowledge bases can be seen by the group members.

I have modified the existing oob ACL, but it's not working. 
Below is my script:
ACL: kb_knowledge_base -- None
Role: itil
Script:

var kbKnowledge = new KBKnowledgeBase();

// Allow bulk/system updates
if (kbKnowledge.isMultipleKnowledgeUpdate()) {
    answer = true;
}

// Always allow admin (safety)
// Always allow admins
if (gs.hasRole('admin')) {
    answer = true;
}
else {

    var restrictedKBs = [
        '9d9f2ab3c3b50e90f07c3be6050131d0',
        '246cdc43dbf1341015c8e16c0b9619ca'
    ];

    var allowedGroup = '23a619c7c3f07e508c405883e401312a';

    var kbId = current.kb_knowledge_base + "";

    if (restrictedKBs.indexOf(kbId) > -1) {

        if (gs.getUser().isMemberOf(allowedGroup)) {
            gs.log("KB Article Allowed for group");
            answer = true;
        } else {
            gs.log("KB Article Restricted");
            answer = false;
        }

    } else {
        gs.log("KB Article Allowed for all");
        answer = true;
    }
}


But this is not working: when I impersonate the users and check, only the last log is coming up, that is, KB Article Allowed for all.

 

So, can someone help on this please?

 

 

Regards,

Lucky
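
An added example, not part of the original post: the branches of the script above as a plain JavaScript function, run against constructed stand-ins for `current` and the user. It assumes the ACL is evaluated on a kb_knowledge_base record, which carries its identifier in sys_id and has no kb_knowledge_base field of its own, so the posted lookup stringifies to "undefined" and always reaches the last branch; the function names, the open KB id and the user objects are hypothetical.

```javascript
// Added example: constructed stand-ins, runs in plain Node.js (no ServiceNow APIs).
const RESTRICTED_KBS = [
  '9d9f2ab3c3b50e90f07c3be6050131d0',
  '246cdc43dbf1341015c8e16c0b9619ca',
];
const ALLOWED_GROUP = '23a619c7c3f07e508c405883e401312a';

// Same branches as the posted script; readKbId decides which field supplies the KB id.
function decide(record, user, readKbId) {
  if (user.roles.includes('admin')) return { answer: true, why: 'admin' };
  const kbId = readKbId(record) + '';
  if (!RESTRICTED_KBS.includes(kbId)) {
    return { answer: true, why: 'allowed for all', kbId };
  }
  const member = user.groups.includes(ALLOWED_GROUP);
  return { answer: member, why: member ? 'allowed for group' : 'restricted', kbId };
}

// As posted: reads a kb_knowledge_base field, which exists on articles, not on the KB record.
const asPosted = (rec) => rec.kb_knowledge_base;
// Assumed correction: the record being checked is the knowledge base, so compare its sys_id.
const bySysId = (rec) => rec.sys_id;

// Constructed records and users (the open KB sys_id is a placeholder).
const restrictedKb = { sys_id: RESTRICTED_KBS[0] };
const openKb = { sys_id: '00000000000000000000000000000000' };
const manager = { roles: ['itil', 'knowledge_manager'], groups: [] };
const groupMember = { roles: ['itil'], groups: [ALLOWED_GROUP] };

function runCases() {
  return [
    ['as posted, manager, restricted KB', decide(restrictedKb, manager, asPosted)],
    ['by sys_id, manager, restricted KB', decide(restrictedKb, manager, bySysId)],
    ['by sys_id, group member, restricted KB', decide(restrictedKb, groupMember, bySysId)],
    ['by sys_id, manager, open KB', decide(openKb, manager, bySysId)],
  ];
}

for (const [label, result] of runCases()) {
  console.log(label.padEnd(40), JSON.stringify(result));
}
```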

 

 

 

7 REPLIES

Hello Atul,

 

I opened the Knowledge base, went to the Cannot read tab, and saw that in the User criteria the Knowledge_admin and Knowledge manager are also added. So it means that those should not see the Knowledge base, right?

But when I impersonate them, the knowledge base is still visible to them.

This is the issue.

Regards,

Lucky

As per my understanding, you can’t restrict this because these two are major roles that take precedence over everything. These are module-level roles—it’s like owning a house, and you cant enter it anytime.

*************************************************************************************************************
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/dratulgrover [ Connect for 1-1 Session]

****************************************************************************************************************

AndersBGS
Tera Patron

Hi @Lucky1 

 

Why not just utilize user criteria, which is available OOTB?

 

If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.

Best regards
Anders

Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/