How to best setup visibility of Knowledge Base by Groups within IT?

jajensen · ‎10-09-2014

So what my organization has done is setup a custom field in the Knowledge form that is the 'Target Audience' with selections of ['-- None --', Public, IT, Customer Service, Application Services, Infrastructure, Project Coordinators]. What I am tasked with doing is setting up a Business Rule or ACL that makes it so that if the logged in user is in a group with the same name as the selected Target Audience then the article can be seen. A '-- None --' or Public selection would be that everyone can see the article & a selection of IT would be all users with the role of itil can see the article.

I have tried the 'B.R.' root and hit a dead end as I could not figure out how to hide the record from view so that it could not be opened.

I tried the 'ACL' root but could not figure out how to setup the rules to fire on the querying of the records. With this I set it up with Type=record, Operation=read, Name=kb_knowledge; I play with switching around type & operation fields but could not find a combination that works.

Script field follows:

var isDebug = true;

if (isDebug) {gs.log("KB knowledge enter Target Audience.");}

answer = current.u_target_audience == '' || current.u_target_audience == 'Public' || (current.u_target_audience == 'IT' && gs.getUser().hasRole('itil')) || gs.getUser().isMemberOf(current.u_target_audience);

if (isDebug) {gs.log("KB knowledge condition evaluation: " + answer);}

---------------------------------------------------------------- End Script ---------------------------------

Not entirely sure I set either of these up correctly when I was doing this testing but any help would be appreciated.

Kumar35 · ‎10-09-2014

you should try to do a business rule on knowledge of type - before- query instead of going the ACL way

and I am very sure it will workout

In the script part I would build a if case for all target audience values -

// if for your 1st condition "if the logged in user is in a group with the same name as the selected Target Audience then the article can be seen."

if(user is member of(currrent.target_audience))

{

// try leaving this empty

}

else if (current.target_audience == "IT")

{

current.addQuery(check if user has itil role);

}

// and add these 2 at the end so that every one can see

current.addQuery('target_audience',"Public");

current.addQuery('target_audience',"--None--");

let me know how it goes, in case of issues please add your code here.

jajensen · ‎10-09-2014

Script Follows:

var isDebug = false;

if (isDebug) {gs.log("KB knowledge enter Target Audience.");}

var myUserObject = gs.getUser()

var allFromPublicOut = new Array();

allFromPublicOut[0] = new String("Public");

allFromPublicOut[1] = new String("--None--");

var myUserGroups = myUserObject.getMyGroups();

var groupsArray = new Array();

var it = myUserGroups.iterator();

var i=0;

while(it.hasNext()){

var myGroup = it.next();

var g = new GlideRecord("sys_user_group");

g.addQuery("sys_id", myGroup);

g.query();

if (g.next()) {

groupsArray[i] = g.name;

i++;

}

if (isDebug) {gs.log("KB knowledge, the user's groups: " + groupsArray);}

if(gs.getUser().hasRole('itil')) {

if (isDebug) {gs.log("KB knowledge security section 1.");}

if(myUserObject.isMemberOf("KB Librarian")){

//Do not add to query, member of this group sees all KBs

}

else{

current.addQuery('u_target_audience', "IT").addOrCondition("u_target_audience", "CONTAINS", allFromPublicOut).addOrCondition("u_target_audience", "CONTAINS", groupsArray ).addOrCondition( "u_created_by", gs.getUser());

}

else{

if (isDebug) {gs.log("KB knowledge security section 2.");}

current.addQuery('u_target_audience', "").addOrCondition("u_target_audience", "CONTAINS", allFromPublicOut);

}

---------------------------------------------------------------- End Script ---------------------------------

Thanks for the tip, Kumar S, that got me where I needed to be. This could possibly be made sorter but is working for me.

Kumar35 · ‎10-10-2014

glad that it worked out.

dont forget to change the post to Answered.