Description
With the glide.knowman.use_live_feed system property set to true, knowledge feedback is stored in both the kb_feedback and live_message tables.
Users with the knowledge_admin role have ACL permission to delete from the kb_feedback table. They do not, however, have ACL access to delete from the live_message table.
When a knowledge_admin user deletes a feedback entry, the entry is removed from kb_feedback, but the feedback still shows when viewing the article. This is because the knowledge article's comments are generated from the live_message table.
The knowledge_admin role should have ACL permissions to delete from live_message when it is related to a knowledge article.
Steps to Reproduce
- Log in to an instance with demo data as a knowledge administrator
- Open KB0000033, and click View Article in the related links section
- In the Add a comment field at the bottom of the page, type in "this is an inappropriate comment" and press the Post button.
- Navigate to User Administration > Users and open the profile of "ITIL User".
- In the Roles related list click Edit... and add the "knowledge_admin" role to the user
- Impersonate "ITIL User"
- Navigate to Knowledge > Administration > Feedback
- Open the feedback you added in step 5 and delete the record
- Open KB0000033, and click View Article in the related links section
After deleting the record from kb_feedback, the inappropriate comment remains visible at the bottom of the article. It is impossible for a knowledge_admin user to delete the comment from the live_message table.
Workaround
This is expected behaviour. As a workaround, the instance administrator should:
- Create an additional access control rule (ACL) on the live_message table which allows the appropriate permissions to delete records from this table when they are associated with kb_knowledge records.
- Perform the feedback entry deletion as system administrator, in which case both the kb_feedback and live_message records are removed.
Related Problem: PRB742165