Restrict few Knowledge bases to 2 roles

Lucky1
Tera Guru

Hello all,

I have a requirement where 2 Knowledge bases (kb_knowledge_base) have to be restricted for both Knowledge manager and Knowledge admin. Apart from those 2 Knowledge bases, they should be able to see all others.
But I have created a group, where those 2 knowledge bases can be seen by the group members.

I have modified the existing oob ACL, but it's not working. 
Below is my script:
ACL: kb_knowledge_base -- None
Role: itil
Script:

var kbKnowledge = new KBKnowledgeBase();

// Allow bulk/system updates
if (kbKnowledge.isMultipleKnowledgeUpdate()) {
    answer = true;
}

// Always allow admin (safety)
// Always allow admins
if (gs.hasRole('admin')) {
    answer = true;
}
else {

    var restrictedKBs = [
        '9d9f2ab3c3b50e90f07c3be6050131d0',
        '246cdc43dbf1341015c8e16c0b9619ca'
    ];

    var allowedGroup = '23a619c7c3f07e508c405883e401312a';

    var kbId = current.kb_knowledge_base + "";

    if (restrictedKBs.indexOf(kbId) > -1) {

        if (gs.getUser().isMemberOf(allowedGroup)) {
            gs.log("KB Article Allowed for group");
            answer = true;
        } else {
            gs.log("KB Article Restricted");
            answer = false;
        }

    } else {
        gs.log("KB Article Allowed for all");
        answer = true;
    }
}


But this is not working, because when I impersonate the users and check, only the last log is coming up, that is, "KB Article Allowed for all".

So, can someone help on this please?

 

 

Regards,

Lucky
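One possible reason for the "Allowed for all" log, shown as an added example (not the poster's code and not ServiceNow's): on an ACL for the kb_knowledge_base table, `current` is the knowledge base record itself, while `kb_knowledge_base` is a reference field on article records (kb_knowledge), so the posted lookup never matches the list. The sketch compares the record's own sys_id instead; `canReadKb`, `postedKbId`, `fakeKb` and `fakeGs` are hypothetical names, and the stand-in objects are constructed so the logic runs outside an instance.

```javascript
// Added example: sys_ids are copied from the post; stand-in objects are constructed.
var RESTRICTED_KBS = [
    '9d9f2ab3c3b50e90f07c3be6050131d0',
    '246cdc43dbf1341015c8e16c0b9619ca'
];
var ALLOWED_GROUP = '23a619c7c3f07e508c405883e401312a';

// What the posted script compares: a field of kb_knowledge (articles),
// which a kb_knowledge_base record is assumed not to carry.
function postedKbId(record) {
    return record.kb_knowledge_base + '';
}

// Decision based on the knowledge base record's own sys_id.
function canReadKb(current, gs) {
    if (gs.hasRole('admin')) {
        return true;
    }
    var kbId = current.getUniqueValue() + '';
    if (RESTRICTED_KBS.indexOf(kbId) === -1) {
        return true; // not one of the two restricted knowledge bases
    }
    return gs.getUser().isMemberOf(ALLOWED_GROUP) === true;
}

// Constructed stand-ins for a kb_knowledge_base record and for gs.
function fakeKb(sysId) {
    return { sys_id: sysId, getUniqueValue: function () { return sysId; } };
}
function fakeGs(roles, groups) {
    return {
        hasRole: function (r) { return roles.indexOf(r) > -1; },
        getUser: function () {
            return { isMemberOf: function (g) { return groups.indexOf(g) > -1; } };
        }
    };
}

// Inside the ACL's Script field, current and gs are supplied by the platform.
if (typeof current !== 'undefined' && typeof gs !== 'undefined') {
    answer = canReadKb(current, gs);
}
```

A table-level rule like this only denies access when no other matching read ACL on kb_knowledge_base passes for the same user, so the other read rules on the table need checking as well.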

 

 

 

10 REPLIES

Hello Atul,

I opened the Knowledge base, went to the Cannot read tab and saw that, in the User criteria, the Knowledge_admin and Knowledge manager are also added. So it means that those should not see the Knowledge base, right?

But when I impersonate them, still the knowledge base is visible to them.

This is the issue.

 

 

 

Regards,

Lucky

As per my understanding, you can’t restrict this because these two are major roles that take precedence over everything. These are module-level roles—it’s like owning a house, and you can’t enter it anytime.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/dratulgrover [ Connect for 1-1 Session]


Hi @Lucky1

I agree with @Dr Atul G- LNG on this one. You can't use user criteria to ensure that knowledge manager and knowledge admin can't see the knowledge base... this is contradicting.

 

If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.

Best regards
Anders

Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/

AndersBGS
Tera Patron

Hi @Lucky1

Why not just utilize user criteria, which is available OOTB?

 


Best regards
Anders


Hello Anders,

I tried it, but in vain.

I opened the Knowledge base and navigated to Cannot read, and in the roles I have updated it with knowledge_manager and knowledge_admin, but still they are able to see.

Might be some inherited roles allowing them?

 

Regards,

Lucky