Potential Misconfiguration of Knowledge Base User Criteria

Jcarloss · ‎01-26-2024

Has anyone recently experienced this?

Potential Misconfiguration of Knowledge Base User Criteria
Take action • January 2024

At ServiceNow, we are committed to privacy and data security. We are reaching out because a recent assessment shows that the system property glide.knowman.block_access_with_no_user_criteria is either not set or set to "False" on your noted instances, which, depending on other Knowledge Base (KB) User Criteria configurations, could allow unintended unauthenticated access to your KB articles.

Here’s what we need you to do

We recommend that you review your KB configurations, especially those that permit access to unauthenticated users, and update those configurations as necessary to align them with your business needs and use cases.
Perform a review of your KB User Criteria configuration for your instance(s), following the guidance provided in KB1123580.

Set glide.knowman.block_access_with_no_user_criteria to false as per KB1123580 . the public articles previously accessible to unauthenticated users are not available.

Some of these articles have a blank "Can Read" and some have public. Neither are accessible.

Is there something we can put in Can Read or another way to make some articles accessible?

Mary S · ‎02-20-2024

Fixed this with the help of Now Support...

Created a user criteria record with a role of public.

Added that user criteria under "Can Read" to the knowledge base that needs access to some articles by unauthenticated users.

The articles that need users to be authenticated have the user criteria on the individual articles.

Articles without this restriction can be seen by public users.

View solution in original post

DanielCordick · ‎01-27-2024

I believe you can set that property to true if you have knowledge articles that have user criteria empty

Mark Roethof · ‎01-27-2024

Hi there,

This Communication record has been send to a lot of customers. What is your specific question on it?

If considering enabling, do check if your current users then still can access the knowledge articles or that you do need to do extra work on this. So don't just change the system property and promote it to production.

Kind regards,

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

Mary S · ‎01-29-2024

We have articles with empty "Can Read" fields that can be accessed by unauthenticated users at xxxservice-now.com/kb. We have SSO set up, so other articles are only available to authenticated users in the user criteria groups listed in the Can Read field.

When glide.knowman.block_access_with_no_user_criteria is false, the articles with empty Can Read fields are available to unauthenticated users, as we want them to be. When this system property is true, these articles are not available. Adding guest or public users to Can Read does not make the articles available.

Is there any way to make just these articles available to unauthenticated users?

If not, is it a requirement to set glide.knowman.block_access_with_no_user_criteria to true?

Mary S · ‎02-20-2024

Fixed this with the help of Now Support...

Created a user criteria record with a role of public.

Added that user criteria under "Can Read" to the knowledge base that needs access to some articles by unauthenticated users.

The articles that need users to be authenticated have the user criteria on the individual articles.

Articles without this restriction can be seen by public users.