The issue is identified when migration from Knowledge v2 to v3. It can cause permission issues for non-admin users on some of the kb_knowledge fields depending on the field level ACLs on kb_knowledge. Here are two symptoms: 

  1. Non-Admin user unable to see some fields in the knowledge list or form
  2. Non-admin user unable to make changes to knowledge record

This issue can potentially exist once an instance is upgraded to Fuji or above where articles already exist and custom ACLs are defined on the kb_knowledge and kb_feedback tables. This issue is more likely to manifest after the upgrade to KP12 and LP3 due to the change in the way scripted user criteria are cached.

Steps to Reproduce

1) Verify if the instance has any ACLs that satisfy the following filter condition:

  • Navigate to https://<instance_name>/ (or Access control list from Navigator menu)
  • Add the following filter condition for the list view:
    • Name "starts with" "kb_"
    • Description "contains" "ACL has been created by the Knowledge Management V3"
    • Advanced "is" "true"
  • If any record exists, verify if any ACL contains script in the following pattern:
    • new KBKnowledge().canRead/canWrite/canCreate/canDelete (without answer = )

2) If any record exists, the instance may be impacted by this issue

3) Below are the manifestations of the issue:

  • Login as "non-admin" user with contribute access to any knowledge base
  • Navigate to
  • Verify if any column like short description, number shows blank values
    • OR
  • Try to update the kb_knowledge record
    • Refresh the page and observe that the recently updated changes are not persisted 


This problem is under review and targeted to be fixed in a future release. You can Subscribe to this article to receive notifications when more information will become available. Upgrade to a patch where the fix is available.

The workaround is to add  "answer=" in front of the ACL script that does not contain "answer=" where new KBKnowledge().canRead/canWrite/canCreate/canDelete is invoked:

answer = new KBKnowledge().canRead(current);

Related Problem: PRB1323922

Seen In

Fuji Patch 13 Hot Fix 1
Kingston Patch 10
SR - IRM - GRC Profiles - Madrid 2019 Q2
SR - IRM - Policy and Compliance - Madrid 2019 Q2
SR - Security - Integration Framework - Madrid 2019 Q2
SR - Security - Support Common - Madrid 2019 Q2
SR - Security - Support Orchestration - Madrid 2019 Q2
SR - SIR - Security Incident Response - Madrid 2019 Q2
SR - SIR - Store SecOps Setup Assistant - Madrid 2019 Q2
SR - SIR - Store Trusted Security Circles Client - New York 2019 Q3
SR - SIR - Threat intelligence - New York 2019 Q3
SR - SIR - VirusTotal Integration - New York 2019 Q3
SR - VR - Qualys - New York 2019 Q3
SR - VR - Vulnerability Response - New York 2019 Q3

Fixed In

Kingston Patch 14
London Patch 6
London Patch 7
Madrid Patch 2
New York

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2019-10-31 17:16:45