Confused about User Criteria Scripting

IDewar
Tera Expert

Hi there,

 

We have recently upgraded to Washington DC as well as made changes to the User Criteria needing to protect our Knowledge Base due to issue documented in KB1123580. 

 

During this process, our active users that have no roles have lost the ability to see the Knowledge Base that everyone in the company should be able to see (Knowledge KB). On this we changed the Can Read User Criteria from "Any User" to "Any Active User" which has the following script out of the box:

 

answer();

function answer()
{
       if (gs.getUser().getRecord().getValue('active') == true)
		   {return true;}
       else
		   {return false;}
}

 

 This seems correct but users who log into the system aren't able to see the KB. In my testing to see if I could figure out a way around this, I simply tried to create a User Criteria that would not show the KB by making one that just had the script "false;" in it. However, this still worked! 

 

Strangely, setting "Any Active User" on our Development server (which has not been upgraded yet) seems to let these Active users see the KB. So I am not sure what has changed now and why a "false" script still lets users see the KB?

 

Any help with this would be most appreciated! 

 

(glide.knowman.block_access_with_no_user_criteria is also set to False right now)

4 REPLIES 4

Sandeep Rajput
Tera Patron
Tera Patron

@IDewar Could you please replace getRecord with a GlideRecord here and see if it fixes your issue. Please refer to the support article https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0723759 to know more details about why getRecord shouldn't be used.

Hi there Sandeep,

 

That was a good pull but sadly it didn't seem to fix the issue. I have updated the script to the following:

answer();

function answer()
{
	var user_id = gs.getUserID(); 
	var gr = new GlideRecord('sys_user'); 
	gr.get(user_id); 
	var userSource = gr.getValue('active');

       if (userSource == true)
		   {return true;}
       else
		   {return false;}
}

 

Sadly normal active non-itil user's still can't see the KB. 

@IDewar Did you try clearing the cache using cache.do after applying the above fix? As User Criteria are highly cached on instance and often used the cached version unless the cache is cleared using cache.do.

@Sandeep Rajput Sadly it still didn't work. Not sure what is wrong with it but we have figured out a work around that works for us. It's a strange one but thank you so much for your help.