Why can people without access read knowledge in the knowledge base?

Bendezium
Tera Expert

I'm having a problem with knowledge in my instance that I know is not OOB behavior, but I can't put my finger on what is going on. 

In my PDI I followed these steps:

  1. Create a knowledge base. Assign "users with 'itil' role" as a "Can Read" and "Can Contribute" role.
  2. Put a knowledge article in there. Impersonate a non-itil user and create an incident.
  3. Impersonate an admin user. Attach the knowledge article to the incident and update the record so the default comment gets added to "additional comments" that the knowledge article was added.
  4. Impersonate user from step 2. Find your incident in Requests page of service portal. Click the link in additional comments to the knowledge article. You will see an error message that states "You do not have sufficient privileges...". This is what I expect.

In my enterprise instance and downstream development instances, the non-itil user is directed to the knowledge article on the kb_view.do page and can read it no problem. A few additional observations from my enterprise instance:

  • The user can also access the knowledge article using the permalink
  • The containing knowledge base has been published to the portal, but the non-itil user can not see or browse in it. They can therefore only access the article with a direct link.

Is there something I'm misunderstanding about the knowledge management process, or a place I haven't looked?

Thanks!

1 ACCEPTED SOLUTION

Bendezium
Tera Expert

We have a custom ACL on the kb_knowledge table that is overprovisioning access.

View solution in original post

3 REPLIES 3

Liz4
Giga Contributor

Two quick things to check:

  • Did you run a user criteria check on the article # and select the user you were able to see it as that shouldn't be able to see it? That is always the first place to check.
  • What is the glide.knowman.block_access_with_no_user_criteria property set too? If it is set to False, it might be related to that. 

This page has some helpful troubleshooting tips in it.

Bendezium
Tera Expert

Hi Liz, thanks for the suggestion on user criteria diag. It is showing "No Access" for both the knowledge base and article. Also the property should not apply because I have both the "Can Read" and "Can Contribute" properties set on the knowledge base. I think I may need to open a case. 

Bendezium
Tera Expert

We have a custom ACL on the kb_knowledge table that is overprovisioning access.