Potential Misconfiguration of Knowledge Base User Criteria

Jcarloss
Tera Contributor

Has anyone recently experienced this?

 

Potential Misconfiguration of Knowledge Base User Criteria
Take action • January 2024 

At ServiceNow, we are committed to privacy and data security. We are reaching out because a recent assessment shows that the system property glide.knowman.block_access_with_no_user_criteria is either not set or set to "False" on your noted instances, which, depending on other Knowledge Base (KB) User Criteria configurations, could allow unintended unauthenticated access to your KB articles.   

Here’s what we need you to do  

  • We recommend that you review your KB configurations, especially those that permit access to unauthenticated users, and update those configurations as necessary to align them with your business needs and use cases.
  • Perform a review of your KB User Criteria configuration for your instance(s), following the guidance provided in KB1123580

 

Set glide.knowman.block_access_with_no_user_criteria to false as per KB1123580 . the public articles previously accessible to unauthenticated users are not available.

 

Some of these articles have a blank "Can Read" and some have public. Neither are accessible.

 

Is there something we can put in Can Read or another way to make some articles accessible?

  

  

1 ACCEPTED SOLUTION

Mary S
Mega Sage

Fixed this with the help of Now Support...

 

Created a user criteria record with a role of public.

MaryS_0-1708460515958.png

Added that user criteria under "Can Read" to the knowledge base that needs access to some articles by unauthenticated users.

MaryS_1-1708460684162.png

The articles that need users to be authenticated have the user criteria on the individual articles.

MaryS_2-1708461022237.png

Articles without this restriction can be seen by public users.

 

View solution in original post

7 REPLIES 7

Mary S,

 

Very helpful, thank you for sharing.

 

One question:

Does this mean you kept the sys_prop FALSE , or does the configuration you detailed via your work with SN HI Support provide for a reasonable means to provide intended KB Article access to certain user groups while keeping the sys_prop TRUE?

 

Thanks,

Pat 

~ "Breynia Disticha"

@pbusch  Yes, we kept glide.knowman.block_access_with_no_user_criteria as false and explicitly set the user criteria on each article.

pbusch
Tera Expert

OK thanks for the feedback.

~ "Breynia Disticha"