Group permissioning in Service Catalog and Knowledge Base

I use group permissions for our Service Catalog and Knowledge Base. I ran into an issue today where I added a technician who was in a permissioned group for the Service Catalog and Knowledge Base into group that was created for a report and is not permissioned to those areas. The technician lost all access to the Service Catalog and Knowledge Base categories. Shouldn't the greater access, permissioned groups trump the non-permissioned groups?

Tags permissions knowledge-base service-catalog
Asked by Kathy Holman on Fri 1/15/16 11:41 AM
Sign In to leave feedback or contribute an answer

Answer (1)

This answer has been marked as the accepted answer
Phil Curl Fri 1/15/16 11:50 AM

Hi Kathy,

Groups that have specified permissions restricting users from viewing services or knowledge base articles will always trump user-level settings specifying that a user can view a service or KB article. This is because group-level permissions work on a blacklist basis. This means that if your service is configured to blacklist a certain group, they won't see the service. You cannot work around that - which is by design to restrict certain groups from viewing the service when specified. To acheive the functionality you described, you would instead have to create whitelist permissions for the group that define who *can* see the service, rather than a blacklist of who cannot. I hope this has helped clarify group-based permissions. If there is anything else we can do to help, please let us know.


Phil Curl


No feedback