How to restrict Knowledge Categories to be visible by Status and Role?

Document ID : KB000112258
Last Modified Date : 27/08/2018
Show Technical Document Details
Question:

How to restrict "Knowledge Categories" to only your choice of Status Draft, Evaluate, Published or Retired to be shown?

It is possible to restrict the Status of "Knowledge Documents" that you can see by selecting the available Statuses.
The Knowledge Document access is configured from:

  • Role Detail
  • Knowledge Management
  • KT Document Visibility
  • Select Statuses

However, this only applies to the Knowledge Documents. It still allows access to the Knowledge Categories to these Statuses. 

Knowledge Category Status Filter shows all Statues in CA ITSM


How can the Categories view be restricted by Status?
 

Answer:
Use a View Data Partition to change the Knowledge Category Status visibility.

Example
On the SKELETONS Table, put on a View Data Partition Constraint to allow visibility with:
  • Draft (status_id=10)
  • Publish (status_id=70) 
  • Retired (status_id=80)
Knowledge Category Data Partition showing SKELETONS Table to restrict Statuses in CA ITSM

Query:
(ACTIVE_STATE>=0) AND (READ_PGROUP in @root.pgroups OR READ_PGROUP.[pgroup]contained_roles.role IN @root.role OR (ACTIVE_STATE > 0 AND ASSIGNEE_ID = @root.id) or (ACTIVE_STATE = 0 and OWNER_ID = @root.id)) AND (STATUS_ID=10 or STATUS_ID=70 or STATUS_ID=80)

It is best to align this with the Knowledge Document Visibility assigned earlier to the Role for consistency.

Now when a user of the Knowledge Tab Search or Knowledge Categories Search will show the same list of Knowledge Documents returned.

Caution:
  • This query is given "as is." It may be possible to optimise this query further, with further use of the "LIKE" or "IN" operators.
  • It may need tailoring to your individual site.
  • Please monitor any change to a Data Partition Constraint after implementation to a production system to ensure that excessive SQL query times are not recorded.
  • Please see your DBA for all query optimisation as best practice.

Advantages
  • Data Partition Constraints are the best practice primary security layer to use
  • Data Partition Constraints reduce load on the database by restricting information requests
  • Data Partition Constraints apply to all forms of access, such as the web client and pdm_ command line utilities.
Disadvantages
  • Data Partition Constraints are "always on." Once restricted, a user is always restricted - unless they change Role.
  • You may need to set up multiple Roles for users. A default "restricted" Role, and a "more access" Role.

 

Additional Information:
See this CA Communities thread for further discussion:
How can I make Knowledge document not visible for a role in the categories view