Article Security and Filtering in Knowledge v3

Import · Apr 21, 2016 · article

Knowledge v3 (released with Fuji) integrated User Criteria into the Knowledge Management application. User Criteria is meant to provide more configurable access controls for a more robust knowledge base. It lets you choose your level of security based on groups, roles, locations, etc., and it is applied at the Knowledge Base level. As part of the changes, the "Role" field on the article was hidden. This gives the impression that it is not feasible to configure article-level security within a single Knowledge Base.

With KM v3, it is possible to configure article-level security in your implementation, if desired. You can also implement additional filtering of articles. I will show you how to apply roles to articles in a Knowledge Base, as well as how to use Business Rules to filter with custom fields.

Role-based access control is honored by Knowledge v3 interfaces such as search and article view. To configure article view access, you will need to enable the "Role" field and set the roles on each article to which you would like to allow "read" access.

Please note that this works in coordination with the User Criteria defined for the Knowledge Base. This means that if the KB does not provide read access to a specified group, allowing access via "Roles" will not bypass those restrictions. The "write" permissions will continue to be controlled by the User Criteria definitions. You will need to permit broader access through User Criteria (on the KB configuration) and then apply restrictions on the article to limit its access. Once the Role field is enabled, you can select roles on the article, as was supported in earlier releases.

The earlier releases of Knowledge v3 had some known issues working with roles, so there were some fixes made to address them. These are available on Fuji Patch 12 and Geneva Patch 4 and onwards.

Article filtering using custom fields is an option for securing articles using parameters other than roles. Use cases such as "Product" or "Location" based entitlement can be achieved using this framework. You can consider this as a replacement for complex ACL logic. You will need to start by configuring a new field in the Knowledge form.

Let's create a "region" field, for example:

After that, you can configure a "before" query business rule to filter content based on the logged-in user's region.

In order to retrieve and compare against the location, you would need to script some of the logic in the "Advanced" section.

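```javascript
// Look up the logged-in user's record to read their location
var gr = new GlideRecord("sys_user");
gr.get(gs.getUserID());
var currentUserLocation = gr.location.country;

// Articles with no location set remain visible to everyone ...
var q = current.addNullQuery('u_location');
// ... otherwise the article's location must match the user's
q.addOrCondition('u_location', currentUserLocation);

gs.print("Query restricted to location: " + currentUserLocation);
```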

This will allow you to restrict the content based on region. The rules will apply in:

  • Search
  • Browse
  • Article viewing

This gives you the additional controls that you may need. Using either Roles or Business Rules, or a combination of the two, you can configure who can access articles beyond the Knowledge Base level. For more information on upgrading to Knowledge v3, see "All things Upgrade considered on Knowledge v2 to v3".
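The following added example (a plain-JavaScript model, not ServiceNow platform code and not from the original post) shows how the three layers described above combine for read access: Knowledge Base User Criteria, the article "Role" field, and the location query rule. The sample records, the simplified criteria matching, and the treatment of an empty role list as "no extra restriction" are assumptions made for illustration.

```javascript
// Added illustration: a model of the layered read check, runnable in Node.js.
// All users, articles and the KB definition below are constructed sample data.

// Simplified User Criteria: a user matches if they hold any listed role or group.
function matchesCriteria(user, criteria) {
  return criteria.roles.some(r => user.roles.includes(r)) ||
         criteria.groups.some(g => user.groups.includes(g));
}

// Layer 1: Knowledge Base "can read" User Criteria.
// Layer 2: article Role field (assumption: an empty list adds no restriction).
// Layer 3: the before-query rule: u_location is empty OR equals the user's country.
function canRead(user, kb, article) {
  if (!matchesCriteria(user, kb.canRead)) return false; // roles cannot bypass the KB
  if (article.roles.length > 0 &&
      !article.roles.some(r => user.roles.includes(r))) return false;
  return article.u_location === null || article.u_location === user.country;
}

function visibleArticles(user, kb, articles) {
  return articles.filter(a => canRead(user, kb, a)).map(a => a.number);
}

const kb = { canRead: { roles: [], groups: ['IT Support'] } };
const articles = [
  { number: 'KB0001', roles: [],       u_location: null },
  { number: 'KB0002', roles: ['itil'], u_location: null },
  { number: 'KB0003', roles: [],       u_location: 'Germany' },
  { number: 'KB0004', roles: ['itil'], u_location: 'USA' },
];
const users = {
  agentDE:    { roles: ['itil'], groups: ['IT Support'], country: 'Germany' },
  staffUS:    { roles: [],       groups: ['IT Support'], country: 'USA' },
  outsider:   { roles: ['itil'], groups: [],             country: 'USA' },
  noLocation: { roles: ['itil'], groups: ['IT Support'], country: null },
};

for (const [name, user] of Object.entries(users)) {
  console.log(name, visibleArticles(user, kb, articles));
}
```

The `outsider` user holds the article role but sees nothing because the Knowledge Base criteria are not met, and `noLocation` sees only articles whose location is empty, so a user record with no location should be checked for when testing the rule.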

View original source

https://www.servicenow.com/community/now-platform-blog/article-security-and-filtering-in-knowledge-v3/ba-p/2280527