Using roles and user criteria

vyjayanth · ‎10-11-2016

If a Knowledge Base has a User Criteria and when we add Roles on the Knowledge Article, after publishing the article, the users that match the User Criteria seems to not have access. is this expected behavior

Found few links but could not find any update

Control Knowledge Access through User Criteria

Article Security and Filtering in Knowledge v3

Based on the ACL's found below

If it's a New Record (user has create access)
For Existing records below is are the read access order of conditions
1. User has 'knowledge_admin'
2. Is a Knowledge Base Owner(user) on the Knowledge record associated Knowledge Base (can read back end in any state front end only if published)
3. Is a Knowledge Base Manager(user) on the Knowledge record associated Knowledge Base (can read back end in any state front end only if published)
4. If the Knowledge article is Published, and has roles, user would need to have the roles to get access to read, back end and front end (can read back end in any state front end only if published)
5. If the Knowledge article is not Published, users who can contribute or have knowledge role can see it in the back end

quentin_gillet · ‎10-12-2016

if your user match the user criteria, they would have access to the Knowledge Base. If you then secure your article with a role, then your user would need to have this role to be able to access the article, on top of matching the user criteria for the knowledge base.

So to answer your question, if users matching the user criteria do not have the role used for the article, I would expect them NOT to have access to the article.

vyjayanth · ‎10-12-2016

I agree if that was for a read role (Can Read), if the user criteria is added to the Can Contribute, shouldn't the user always have access to view from the back end, like for editing and maintaining Knowledge Articles

quentin_gillet · ‎10-12-2016

I do not agree. (i am not part of the development/product management team, so I am just commenting on the logic regarding the feature)

It is possible to have more than 1 user criteria as Can contribute. So in a scenario where we have a user subset A (user criteria A) without the role and a user subset B (user criteria B) with the role, I would expect the subset B to see the article and the subset A not to see the article.

The role at the article level enables you to segregate the data within the knowledge base (for example a regional knowledge base - ie APAC and then some article for the management team only restricted by a role) and therefore I would expect someone to satisfy both the user criteria and role if they were to see the article.

Sarup Paul · ‎10-13-2016

Applying article level user criteria for read permissions is being targeted for Istanbul release.