Map Roles, Groups to Permissions for Knowledge Managers in ServiceNow
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2022 10:38 AM
Does anyone else out there have trouble figuring out which roles map to which permissions in ServiceNow - or is it just me?
We'll think we've got it and add someone to groups, so the permissions and roles assigned to that group convey to the members of that group, and then I'll find some hole in the accesses. For example, someone can do everything needed BUT be able to edit in the review workflow state. (As knowledge owner, I can do all the things, and we wanted some other users to have the same or very similar permissions without actually making them owners.)
Is there some sort of universal chart somewhere that shows which roles (i.e., image_admin, hr_core.basic, etc.) map to which permissions?
Here's what my research has gotten me so far - and I don't know how much of this is OOB versus unique to our organization:
|
Group (our unique name) |
Description |
Roles |
|
HR KB Answers Contributors |
Grants the ability to create and edit articles in the HR Answers knowledge base; can also be used as criteria in the Can Read field in articles |
sn_hr_core.basic |
|
HR KB Feedback |
Used for knowledge feedback task (KFT) assignments |
sn_hr_core.basic |
|
HR KB KO Comm |
HR knowledge owner group for HR Communications articles |
image_admin sn_hr_core.basic sn_hr_core.content |
|
HR KB KO General |
HR knowledge owner group for general articles |
image_admin sn_hr_core.basic sn_hr_core.content |
|
HR KB Mgmt |
HR knowledge management team; grants access to HR KB-specific reports |
sn_hr_core.basic |
|
HR Know Mgmt |
Determines who can be assigned to work a Knowledge Management case; intersection of case and knowledge |
|
|
HR Knowledge Admin |
Grants users access to all knowledge admin functionality |
knowledge_admin |
|
HR Portal Mgmt |
Manages the HR Home (ESC) content |
sn_hr_core.content_reader |
|
Knowledge Managers |
Grants ability to approve publishing of new and updated articles
Note: Not our typical group. Access is granted at the knowledge base level under Knowledge > Administration > Knowledge Bases. In the list of knowledge bases, click on the name of the knowledge base in which you want to edit the list of knowledge managers. Existing knowledge managers can add other knowledge managers.
When a user is added to this group, they automatically receive the knowledge_manager role. |
knowledge_manager |
So, for example, if we add users to the HR KB KO General group, they get these three roles:
-
image_admin (I know this one is so you can add images to the image library)
-
sn_hr_core.basic
-
sn_hr_core.content
What do each of those roles actually do? Which one, for example, would let someone be able to do things, such as:
- Edit a knowledge article that's been checked out by someone else?
- Edit a knowledge article while it's in review and not just in draft?
Or - does each role depend on what we told it to do somewhere on the backend?
It's a lot, and I'm not necessarily finding all the answers.
So, first question is: Is there even a universal chart somewhere? Are these the same or similar across ServiceNow?
Second question: If they are universal, is there a way to share information so we could create some sort of quick-reference-guide-cheat-sheet thing for knowledge managers to share?
Because I don't know about others, but where I work, if I'm able to say, "Please copy so-and-so's profile and add new-employee to the same groups," it makes things easier for everyone.
Thank you in advance! Hope we can make some progress on this one!
- Labels:
-
Knowledge Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-14-2022 01:52 AM
The mix of roles, groups, user criteria, access control lists, settings and conditions does feel completely overwhelming most of the time. I feel like KM has the most complicated mix of permissions controls out of all of the areas of ServiceNow.
One of the most useful resources I've found is this one: https://docs.servicenow.com/bundle/rome-servicenow-platform/page/product/knowledge-management/conce...
It mentions some roles, user criteria and how certain settings change the behavior.
Based on my current understanding (not massively confident here):
- Roles can contain other roles
- Roles can be assigned to groups (recommended), or users directly (not recommended).
- User criteria can be based on groups, roles, users, companies, locations and various other things.
So it might be that one of your knowledgebases has "HR Editors" user criteria assigned to the "can contribute" list for it.
That user criteria might be made up of anyone with the role sn_hr_core.basic who is also in the group HR KB KO General. (That would actually be redundant if everyone in the group already has that role, the user criteria would only need to specify the group in that case).
There is also the roles page in the docs which mentions roles like kcs_candidate and kcs_contributor, though as far as I've been able to tell so far, having those roles doesn't actually allow you do anything different. I think they are more for differentiating who is at what level within the KCS methodolgy, so work more like skill assignments. Hopefully someone can correct me on that though.
