Knowledge Users Need Both 'Can read' and 'Cannot Read'Issue Knowledge article read permissions are required for a sub group of users that belong to a cannot read group.CauseUsers who meet both Can Read and Cannot Read user criteria are denied read access to the knowledge article. The Cannot Read setting overrides the Can Read setting.https://docs.servicenow.com/bundle/rome-servicenow-platform/page/product/knowledge-management/task/t_SelectUCArticle.htmlResolutionThis is working as intended - the cannot read user criteria will override the can read criteria in this case. The only potential workaround that I can see would be giving the users the 'can contribute' access, but this would depend on your use case. If users have contribute access to the knowledge base, they also have read access to the knowledge article regardless of the Cannot Read setting.