Knowledge Base User Criteria and access
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-23-2018 05:43 PM
I am not a Service Now administrator, but I am the Knowledge Administrator. I am trying to figure out how to make the user criteria work in my environment and am running into some trouble understanding how the user criteria settings in a knowledge base should work. In reading the product documentation it says:
"If a knowledge base has canRead user criteria, but no canContribute user criteria, all users with at least one role can access and modify the knowledge base."
When I read that - I think it should also mean that if canContribute user criteria is assigned, then only those specified will be able to contribute to the knowledge base; this would track with the user criteria access rules for individual articles.
So, question one is: Can anyone confirm for me if this is true? Should assigning canContribute criteria to a knowledge base restrict contribute rights to only the specified User Criteria group?
Question two is a bit more involved because we have a complicated set-up in our support organization. We have multiple knowledge bases, each assigned to a specific support team or group. We also have some individuals who may need to have contribute rights in more than one knowledge base.
I will try and provide an example.
Say we have 2 knowledge bases Tax and Audit. Each knowledge base has a KB Contributors group and a KB Readers User Criteria group assigned to it. so we have:
Tax KB Contributors = Can create and modify articles in the Tax Knowledge Base
Group: Tax Applications
Tax KB Readers - Can Read articles, but cannot create or modify articles in the Tax Knowledge Base
Groups: Audit Applications
Audit KB Contributors = Can create and modify articles in the Tax Knowledge Base
Group: Audit Applications
Audit KB Readers - Can Read articles, but cannot create or modify articles in the Tax Knowledge Base
Groups: Tax Applications
( If you're still with me, thank you! )
So now let's assume we have 1 individual who needs to be able to edit or create articles in both the Tax and the Audit knowledge bases and is part of those respective groups in Service Now.
If I add that individual to the KB Contributors User Criteria group for Tax or Audit, they will not be able to create or modify articles because they are also in the KB Readers group under the Audit Applications group.
Does anyone have any advice or recommendations on how to create User Criteria groups that will not over-write contribute access for cross-associated individuals?
- Labels:
-
Knowledge Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2018 09:39 AM
Should assigning canContribute criteria to a knowledge base restrict contribute rights to only the specified User Criteria group?
I believe so yes. The only exception would be KB owner and managers-- they always have those rights.
If I add that individual to the KB Contributors User Criteria group for Tax or Audit, they will not be able to create or modify articles because they are also in the KB Readers group under the Audit Applications group.
Did you test that? I'm pretty sure any edit rights trumped any read rights.
I ran a quick test with the following setup:
- KB1
- Can Contribute: Test A Edit (user criteria with group containing Allie)
- Can Read: Test B Read (user criteria with group containing Andrew)
- KB2
- Can Contribute: Test B Edit (user criteria with group containing Andrew)
- Can Read: Test A Read (user criteria with group containing Allie)
In my testing:
- Andrew was able to create in KB2 and view published articles in KB1
- Allie was able to create in KB1 and view published articles in KB2
- Adding both groups to the Test A Edit user criteria resulting in Andrew being able to create in both KBs
To answer your question, here's what I see as possible routes:
- create a new user criteria that you grant to both KBs under canContribute
- add the user to both Tax KB Contributors and Audit KB Contributors user criteria
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2018 10:22 AM
Thank you Erik, I appreciate the response.
"Should assigning canContribute criteria to a knowledge base restrict contribute rights to only the specified User Criteria group?
I believe so yes. The only exception would be KB owner and managers-- they always have those rights."
Unfortunately, this has not been my experience - but that tells me that this is likely due to how I have this setup and not a flaw in the system.
"If I add that individual to the KB Contributors User Criteria group for Tax or Audit, they will not be able to create or modify articles because they are also in the KB Readers group under the Audit Applications group.
Did you test that? I'm pretty sure any edit rights trumped any read rights."
Yes, I have tested my setup - but - I wonder if the issue has more to do with the fact that I am using all four User Criteria settings, canRead, canContribute, cannotRead, cannotContribute instead of applying just canRead and canContribute.
I will work with my administrators to test this more and see if I can find a resolution that matches what your testing showed. Thank you very much for your time!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-11-2018 05:43 PM
Please remember to mark as helpful or correct answer if I've answered your question.
