Notifications

692 views

Description

The issue is identified when migration from Knowledge v2 to v3. It can cause permission issues for non-admin users on some of the kb_knowledge fields depending on the field level ACLs on kb_knowledge. Here are two symptoms: 

  1. Non-Admin user unable to see some fields in the knowledge list or form
  2. Non-admin user unable to make changes to knowledge record

This issue can potentially exist once an instance is upgraded to Fuji or above where articles already exist and custom ACLs are defined on the kb_knowledge and kb_feedback tables. This issue is more likely to manifest after the upgrade to KP12 and LP3 due to the change in the way scripted user criteria are cached.

Steps to Reproduce

1) Verify if the instance has any ACLs that satisfy the following filter condition:

  • Navigate to https://<instance_name>/sys_security_acl_list.do (or Access control list from Navigator menu)
  • Add the following filter condition for the list view:
    • Name "starts with" "kb_"
    • Description "contains" "ACL has been created by the Knowledge Management V3"
    • Advanced "is" "true"
  • If any record exists, verify if any ACL contains script in the following pattern:
    • new KBKnowledge().canRead/canWrite/canCreate/canDelete (without answer = )

2) If any record exists, the instance may be impacted by this issue

3) Below are the manifestations of the issue:

  • Login as "non-admin" user with contribute access to any knowledge base
  • Navigate to kb_knowledge_list.do
  • Verify if any column like short description, number shows blank values
    • OR
  • Try to update the kb_knowledge record
    • Refresh the page and observe that the recently updated changes are not persisted 

Workaround

This problem is under review and targeted to be fixed in a future release. You can Subscribe to this article to receive notifications when more information will become available. Upgrade to a patch where the fix is available.

The workaround is to add  "answer=" in front of the ACL script that does not contain "answer=" where new KBKnowledge().canRead/canWrite/canCreate/canDelete is invoked:

answer = new KBKnowledge().canRead(current);


Related Problem: PRB1323922

Seen In

Fuji Patch 13 Hot Fix 1
Kingston Patch 10
London

Intended Fix Version

London Patch 7
Madrid Patch 2
New York

Fixed In

Kingston Patch 14
London Patch 6

Safe Harbor Statement

This "Intended Fix Version" information is meant to outline ServiceNow's general product direction and should not be relied upon in making a purchasing decision. The information provided here is for information purposes only and may not be incorporated into any contract. It is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remains at ServiceNow's sole discretion.

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2019-03-20 07:29:13
Published:2019-02-14