Map Roles, Groups to Permissions for Knowledge Managers in ServiceNow

Lauren Methena
Giga Guru

Does anyone else out there have trouble figuring out which roles map to which permissions in ServiceNow - or is it just me? 

We'll think we've got it and add someone to groups, so the permissions and roles assigned to that group convey to the members of that group, and then I'll find some hole in the accesses. For example, someone can do everything needed BUT be able to edit in the review workflow state. (As knowledge owner, I can do all the things, and we wanted some other users to have the same or very similar permissions without actually making them owners.)

Is there some sort of universal chart somewhere that shows which roles (i.e., image_admin, hr_core.basic, etc.) map to which permissions? 

Here's what my research has gotten me so far - and I don't know how much of this is OOB versus unique to our organization:

Group (our unique name)

Description

Roles

HR KB Answers Contributors

Grants the ability to create and edit articles in the HR Answers knowledge base; can also be used as criteria in the Can Read field in articles

sn_hr_core.basic

HR KB Feedback

Used for knowledge feedback task (KFT) assignments

sn_hr_core.basic

HR KB KO Comm

HR knowledge owner group for HR Communications articles

image_admin

sn_hr_core.basic

sn_hr_core.content

HR KB KO General

HR knowledge owner group for general articles

image_admin

sn_hr_core.basic

sn_hr_core.content

HR KB Mgmt

HR knowledge management team; grants access to HR KB-specific reports

sn_hr_core.basic

HR Know Mgmt

Determines who can be assigned to work a Knowledge Management case; intersection of case and knowledge

 

HR Knowledge Admin

Grants users access to all knowledge admin functionality

knowledge_admin

HR Portal Mgmt

Manages the HR Home (ESC) content

sn_hr_core.content_reader
guided_tour_admin
image_admin
sn_cd.content_manager
announcement_admin
sn_hr_core.basic

Knowledge Managers

Grants ability to approve publishing of new and updated articles

 

Note: Not our typical group. Access is granted at the knowledge base level under Knowledge > Administration > Knowledge Bases. In the list of knowledge bases, click on the name of the knowledge base in which you want to edit the list of knowledge managers. Existing knowledge managers can add other knowledge managers.

 

When a user is added to this group, they automatically receive the knowledge_manager role.

knowledge_manager

 

So, for example, if we add users to the HR KB KO General group, they get these three roles:

  • image_admin (I know this one is so you can add images to the image library)

  • sn_hr_core.basic

  • sn_hr_core.content

What do each of those roles actually do? Which one, for example, would let someone be able to do things, such as:

  • Edit a knowledge article that's been checked out by someone else?
  • Edit a knowledge article while it's in review and not just in draft?

Or - does each role depend on what we told it to do somewhere on the backend?

It's a lot, and I'm not necessarily finding all the answers.

So, first question is: Is there even a universal chart somewhere? Are these the same or similar across ServiceNow?

Second question: If they are universal, is there a way to share information so we could create some sort of quick-reference-guide-cheat-sheet thing for knowledge managers to share?

Because I don't know about others, but where I work, if I'm able to say, "Please copy so-and-so's profile and add new-employee to the same groups," it makes things easier for everyone.

Thank you in advance! Hope we can make some progress on this one! 

1 REPLY 1

Sam Goode
Tera Guru

The mix of roles, groups, user criteria, access control lists, settings and conditions does feel completely overwhelming most of the time. I feel like KM has the most complicated mix of permissions controls out of all of the areas of ServiceNow.

 

One of the most useful resources I've found is this one: https://docs.servicenow.com/bundle/rome-servicenow-platform/page/product/knowledge-management/conce...

It mentions some roles, user criteria and how certain settings change the behavior.

 

Based on my current understanding (not massively confident here):

  • Roles can contain other roles
  • Roles can be assigned to groups (recommended), or users directly (not recommended).
  • User criteria can be based on groups, roles, users, companies, locations and various other things.

 

So it might be that one of your knowledgebases has "HR Editors" user criteria assigned to the "can contribute" list for it.

That user criteria might be made up of anyone with the role sn_hr_core.basic who is also in the group HR KB KO General. (That would actually be redundant if everyone in the group already has that role, the user criteria would only need to specify the group in that case).

 

 

 

There is also the roles page in the docs which mentions roles like kcs_candidate and kcs_contributor, though as far as I've been able to tell so far, having those roles doesn't actually allow you do anything different. I think they are more for differentiating who is at what level within the KCS methodolgy, so work more like skill assignments. Hopefully someone can correct me on that though.

https://docs.servicenow.com/bundle/rome-servicenow-platform/page/product/knowledge-management/refere...