search cancel

How to restrict Knowledge Categories to be visible by Status and Role?

book

Article ID: 112258

calendar_today

Updated On:

Products

CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction



How to restrict "Knowledge Categories" to only your choice of Status Draft, Evaluate, Published or Retired to be shown?

It is possible to restrict the Status of "Knowledge Documents" that you can see by selecting the available Statuses.
The Knowledge Document access is configured from:

  • Role Detail
  • Knowledge Management
  • KT Document Visibility
  • Select Statuses

However, this only applies to the Knowledge Documents. It still allows access to the Knowledge Categories to these Statuses. 

<Please see attached file for image>

Knowledge Category Status Filter shows all Statues in CA ITSM


How can the Categories view be restricted by Status?
 

Environment

Release: MSPAPM99000-17.1-Service Management-Asset Portfolio Management-Package MSP
Component:

Resolution

Use a View Data Partition to change the Knowledge Category Status visibility.

Example
On the SKELETONS Table, put on a View Data Partition Constraint to allow visibility with:
  • Draft (status_id=10)
  • Publish (status_id=70) 
  • Retired (status_id=80)

<Please see attached file for image>

Knowledge Category Data Partition showing SKELETONS Table to restrict Statuses in CA ITSM

Query:
(ACTIVE_STATE>=0) AND (READ_PGROUP in @root.pgroups OR READ_PGROUP.[pgroup]contained_roles.role IN @root.role OR (ACTIVE_STATE > 0 AND ASSIGNEE_ID = @root.id) or (ACTIVE_STATE = 0 and OWNER_ID = @root.id)) AND (STATUS_ID=10 or STATUS_ID=70 or STATUS_ID=80)

It is best to align this with the Knowledge Document Visibility assigned earlier to the Role for consistency.

Now when a user of the Knowledge Tab Search or Knowledge Categories Search will show the same list of Knowledge Documents returned.

Caution:
  • This query is given "as is." It may be possible to optimise this query further, with further use of the "LIKE" or "IN" operators.
  • It may need tailoring to your individual site.
  • Please monitor any change to a Data Partition Constraint after implementation to a production system to ensure that excessive SQL query times are not recorded.
  • Please see your DBA for all query optimisation as best practice.

Advantages
  • Data Partition Constraints are the best practice primary security layer to use
  • Data Partition Constraints reduce load on the database by restricting information requests
  • Data Partition Constraints apply to all forms of access, such as the web client and pdm_ command line utilities.
Disadvantages
  • Data Partition Constraints are "always on." Once restricted, a user is always restricted - unless they change Role.
  • You may need to set up multiple Roles for users. A default "restricted" Role, and a "more access" Role.

 

Additional Information

See this CA Communities thread for further discussion:
How can I make Knowledge document not visible for a role in the categories view

 

Attachments

1558696739604000112258_sktwi1f5rjvs16io1.png get_app
1558696737595000112258_sktwi1f5rjvs16io0.png get_app