Ownership groups & creating articles in shared KB without ability to edit other groups' articles

jasonkohl · ‎11-06-2024

We would like to configure a central end-user facing knowledge base where multiple ownership groups can manage the lifecycle of their knowledge articles (create, edit, retire, process feedback). We gave the ownership groups Can Contribute access to the KB which allowed them to create new articles, but it also gave them the ability to edit different ownership group articles which we did not want.

If we removed the ownership groups' Can Contribute permissions from the knowledge base, the ownership groups could edit their assigned articles but did not have the ability to create a new article in the KB.

How can we configure the single shared knowledge base so that different ownership groups can create new knowledge in it but then only be able to edit articles assigned to their group?

jasonkohl · ‎11-13-2024

I believe we figured it out. Unfortunately, when testing in our subprod instance, the primary test user we were using had been configured as a Manager on a different knowledge base. Because of this, they had the Knowledge Manager role associated with their user profile. We added them to an ownership group and then provided that ownership group Can Contribute access to the shared knowledge base. Once this person had contribute access, their knowledge manager role permissions also applied which gave them permission to edit all knowledge articles, not just the ones assigned to their ownership group.

Using a vanilla test user (no other knowledge permissions), everything worked as we wanted and expected. They were able to create new knowledge to the KB, they were able to edit articles that were not yet assigned to an ownership group, they were able to edit articles assigned to their own ownership group, and they were NOT able to edit articles assigned to other ownership groups they were not a part of.

All is well, thanks for sticking with us, and sorry for posting something we should have caught in testing. The more you know!

View solution in original post

qprinsloo · ‎11-06-2024

This would be a customization but I would probably approach it by creating ACLs based on group membership so users can only edit articles they are group members of as well as leverage the existing 'Can Contribute" permissions at the knowledge base level.

jasonkohl · ‎11-07-2024

Thank you! So there is no out of box way to utilize the ownership group functionality (so only assigned ownership groups can edit their own articles) but also have them be able to create new articles within a knowledge base? It seems we can get both requirements OOB, but just not at the same time, unless we're missing a configuration setting somewhere.

qprinsloo · ‎11-08-2024

I believe so. I'm not aware of any OOTB way to do what your tying to accomplish without using some form of customization. I suspect the ACL will be the simplest approach. The OOTB control is defined in this ACL which leverages this script include.

ACL:

https://___instance___.service-now.com/nav_to.do?uri=sys_security_acl.do?sys_id=20cb513cd71221004792a1737e6103dc

Script include:

https://___instance___.service-now.com/sys_script_include.do?sys_id=da5a4ab2d72121004792a1737e6103c5

shannont · ‎11-06-2024

Hi @jasonkohl ,

If I am fully understanding what you've outlined above, it seems you want an end user facing KB where all end users can view the content but you only want to provide certain knowledge workers with the ability to create in that KB. To my knowledge, you should use Ownership Groups at the article level, not the KB level. If you only want certain individuals contributing to a KB, I would suggest creating a utilizing a User Criteria group to use for that part and then use OGs at the article level to control lifecycle mgmt.