Some knowledge_admin users are able to see search results that they should not have access to based on the article role constraintsDescription<!-- div.margin{ padding: 10px 40px 40px 30px; } table.tocTable{ border: 1px solid; border-color:#E0E0E0; background-color: rgb(245, 245, 245); padding-top: .6em; padding-bottom: .6em; padding-left: .9em; padding-right: .6em; } table.noteTable{ border:1px solid; border-color:#E0E0E0; background-color: rgb(245, 245, 245); width: 100%; border-spacing:2; } table.internalTable{ border:1px solid; border-color:#E0E0E0; background-color: rgb(245, 245, 245); width: 100%; border-spacing:0; } .sp td{ border-bottom: 1px solid; border-right: 1px solid; border-color:#E0E0E0; background-color: #ffffff; height: 20px; padding-top: .5em; padding-bottom: .5em; padding-left: .5em; padding-right: .5em; } .sphr td{ border-right: 1px solid; border-bottom: 1px solid; border-color:#E0E0E0; background-color: rgb(245, 245, 245); padding-top: .5em; padding-bottom: .5em; padding-left: .5em; padding-right: .5em; height: 20px; } .title { color: #D1232B; font-weight:; font-size:25px; } .hd1{ color: #D1232B; font-weight:; font-size:18px; } .hd2{ color: #646464; font-weight:bold; font-size:16px; } .hd3{ color: #7a7a7a; font-weight:; font-size:16 px; text-decoration:; } .hd4{ color: #000000; font-weight:bold; font-size:14 px; text-decoration:; } --> Some knowledge users may be able to see search results that they should not, based on article role constraints. CauseThe behavior is by design in OOB Knowledge Management v2. ResolutionThe customer updated regarding the implementation their team had in mind when the knowledge_admin role was given to roughly 900 users. The customer's use case was that they have 1600+ business applications, and each of them was to have 1-2 knowledge_admins to oversee articles in their respective business application.Unfortunately, this has been causing some issues as the customer is using a knowledge V2/V3 "hybrid." The root cause is the knowledge_admin role: "The knowledge_admin role performs all the activities of the knowledge role; reviews and responds to ratings, flagged articles, and user search information; updates the knowledge portal with links to outside resources," etc. This high access role has been allowing users to see results they should otherwise be restricted from seeing.Testing was done OOB (Out of Box) with a user who had the knowledge_admin role. A role restriction was set on an article, and then a search was done for the aforementioned article. The article was returned as a result from the search. Upon clicking on the article, the user was prohibited from viewing the article's contents. From the kb_knowledge table, however, we were able to see the article just fine in its entirety. The aforementioned behavior, then, is OOB and is expected.To see if this behavior could be avoided (so that the search would only return results the user has the corresponding roles to view), further testing was done OOB with Knowledge V3.In Knowledge V3, two Knowledge Bases were created: (1) Knowledge Base "Apple", and (2) Knowledge Base "Orange". User_A was set as the manager of Knowledge Base "Apple", and User_A alone was set inside of "Can Read" and "Can Contribute." The same thing was done for User_B with Knowledge Base "Orange," and only User_B was set inside of "Can Read" and "Can Contribute."It was confirmed that neither manager could see the other manager's knowledge base at all - nor did any search return the opposite manager's articles (if User_A searched for articles in User_B's Knowledge Base, nothing came up - and vice versa).