CA Service Desk Manager (CA SDM) users who are not members of any user Groups with write permission to Knowledge Documents, are still able to modify Knowledge Documents. How can this be prevented?
In CA SDM, permission rules are implemented using data partition constraints. Knowledge Documents can be restricted for editing by setting write permissions to specific User Groups. A user not belonging to such user groups with write permissions might still be able to perform an edit on Knowledge Documents.
If a user's data partition does not contain the phrase 'WRITE_PGROUP in @root.pgroups', then that user will be able to edit Knowledge Documents even when the user groups to which the user belongs to are not included in the Write Permissions on those Knowledge Documents.
The out of the box CA SDM Analyst data partition contains this constraint. That can be used as an example when coding custom CA SDM data partition constraints.