Knowledge Users Need Both 'Can read' and 'Cannot Read'DescriptionKnowledge article read permissions are required for a sub group of users that belong to a cannot read group.CauseUsers who meet both Can Read and Cannot Read user criteria are denied read access to the knowledge article. The Cannot Read setting overrides the Can Read setting.https://docs.servicenow.com/bundle/rome-servicenow-platform/page/product/knowledge-management/task/t_SelectUCArticle.htmlResolutionThis is working as intended - the cannot read user criteria will override the can read criteria in this case. The only potential workaround that I can see would be giving the users the 'can contribute' access, but this would depend on your use case. If users have contribute access to the knowledge base, they also have read access to the knowledge article regardless of the Cannot Read setting.