Every solution in Knowledge Manager is associated with an owning group. Owning groups define the ATG Service users who have access to read and edit a solution. If a user is assigned an organizational role for an organization that has been configured as an owning group, that user is a member of that owning group.
Solution view security for agents is controlled by three solution attributes:
Status – The solution’s ACL grants the
view
solution
right for the current status to the organization represented by the owning group and internal audienceOwning Group – The owning group field is required. Owning groups are single-valued. You can still grant permission to modify the solution to users and organizations outside the owning group by granting them an organizational role corresponding to the owning group with the appropriate role (e.g. Product X Reviewer). Note: There must be at least one owning group before agents can author or save solutions
Internal Audience – The internal audience field is multi-valued and is not required. The internal audience field allows the author to specify additional organizations that should be allowed to view the solution. Internal view security is the union of the values in the owning group and the internal audience field. Thus, members of the owning group will always be included in the internal view security
The right to view a solution in Self Service (external users) is controlled by:
The solution’s external audience
The
externallyVisible
solution property
Users must be directly or indirectly granted an organizational role whose organization exactly matches the solution owning group. Granting the user an organizational role whose organization is either a parent or a child organization of the solution owning group organization does not grant the user permission to the solution.
![](media/image15.png)
Solution Security
Example: Solution Security
For this example, there exists a solution that has the owning group Support and is in the status In Draft. Members of the Support organization have access to the solution because their organization provides the owning group for the solution. However, a member of the support organization can see the solution only if they have been assigned an organizational role that gives them the status right to see solutions that are In Draft status. If the Support member does not have In Draft status access, they will be unable to see the solution despite having the correct owning group.
Members of other organizations, such as Everyone Internal, that have the organizational role that gives them the status right to see solutions that are In Draft status, yet do not have membership to the organization that provides the solution’s owning group, will not be able to see the solution.
To access this example’s solution, the user must be a member of the correct owning group, which is provided by being a member of the Support organization, as well as have the correct organizational role that provides the status right to view solutions In Draft status.
![](media/image16.png)
Example of Status Rights
Note: In order for users to insert attachments and images in a solution, they must have the EPublishing EPub-User
role. See Allowing Users to Upload Solution Attachments for more information.