3Manage Knowledge Users

This chapter contains the following:

You manage knowledge users so that people in your organization can use the knowledge base to create and publish articles and use knowledge to answer questions. You can make knowledge available to any new or existing Service or HCM users, if they were created using the correct process. You make knowledge available by assigning roles that contain knowledge privileges. You can use predefined roles or create roles based on your organization's needs. You can also manage knowledge users by changing or removing their capabilities and privileges. You can update users by changing their roles or by modifying the roles that they currently have. Remember, if you modify a role, your change will affect every user who has that role.

Create Knowledge Users

You don't actually create knowledge users in the knowledge application. Instead, you grant knowledge roles to users that were properly created in the Sales or HCM applications. You can grant knowledge roles to Service users who were created using the Manage Users work area, as described in the Securing CX Sales and B2B Service guide. You can grant knowledge roles to HCM application knowledge who were created using the Hire an Employee task or a similarly configured bulk user creation process, as described in the Securing HCM guide.

Note: You can't grant knowledge roles to Service application users who were created in the Security Console. Users created by this process will not be able to access knowledge functions when granted knowledge roles. Don't use the Create User process to create HCM knowledge users; this process is not intended for users who need access to a full range of HCM capabilities, including knowledge.

Predefined Knowledge Roles

Knowledge has predefined roles that you can use to grant capabilities to users. Different types of users have different knowledge requirements, and some individual users belong to more than one type of knowledge user. For example, customer service representatives are often also authors who contribute articles to the knowledge base. Here are descriptions of the predefined roles for Service and HCM applications to help you decide which ones to assign to the users in your organization.

Service Application Roles

Use these roles to assign Knowledge capabilities to Service knowledge users.

Role Purpose Capabilities

Customer Service Representative

Provides agents with the capabilities to use knowledge to help resolve customer issues.

  • Access to My Knowledge

  • Access to knowledge in SRs

  • Access to public and internal articles

  • Access only to Service knowledge base content

Customer Service Manager

Provides managers with the capabilities they need to supervise customer service representatives and manage their team's knowledge activities.

  • Access to My Knowledge

  • Access to knowledge in SRs

  • Access to public and internal articles

  • Access only to the Service knowledge base

Knowledge Author - Service

Provides authors with access to Service knowledge content so that they can contribute to the knowledge base.

  • Access to authoring

  • Access to public and internal articles

  • Access only to the Service knowledge base

Customer Self Service User

Provides external web users with access to public knowledge in Digital Customer Service and in user-defined pages and portals.

  • No access to knowledge authoring or management

  • No access to internal user group articles

HCM Application Roles

Use these roles to assign Knowledge capabilities to HCM HR Help Desk knowledge users.

Role Purpose Capabilities

HR Help Desk Manager

Provides managers with the capabilities they need to supervise HR Help Desk agents and manage their team's knowledge activities.

  • Access to My Knowledge

  • Access to knowledge in HCM service requests

  • Access to authoring

  • Access to public and internal articles

  • Access only to the HCM knowledge base

HR Help Desk Administrator

Provides capabilities to administer knowledge in HR Help Desk.

  • Access to Knowledge Home

  • Access to knowledge in HCM service requests

  • Access to public and internal articles

  • Access only to the HCM knowledge base

Knowledge Author - HCM

Provides authors with access to Service knowledge content so that they can contribute to the knowledge base.

  • Access to authoring

  • Access to public and internal articles

  • Access only to the HCM knowledge base

General Knowledge Roles

Use general knowledge roles to assign Knowledge Manager capabilities to Service and HCM application users.

Role Purpose Capabilities

Knowledge Manager

Knowledge Managers administer and manage the knowledge base and other functional areas to ensure that users access relevant knowledge and that authorized contributors can create and manage knowledge base content.

  • Access to My Knowledge

  • Access to authoring

  • Access to knowledge analytics

  • Access to knowledge setup and maintenance tasks

  • Access to user management

  • Access to public and internal articles

  • Access to both HCM and Service knowledge bases

Knowledge Analyst

The Knowledge Analyst role is a legacy role that is not recommended for use in new implementations. It enables users to create and manage knowledge in both Service and HCM applications.

  • Access to My Knowledge

  • Access to authoring

  • Access to knowledge analytics

  • Access to public and internal articles

  • Access to both HCM and Service knowledge bases

Create Knowledge Roles

Creating a role requires the completion of several steps comprised of smaller procedures including basic role information, attaching functional and data security privileges, building role hierarchies and assigning users. Ensure that each role you create and the content type it grants privileges to belong to the same application.

When you create a new role, you must consider role security. As with roles, you have predefined Data Security Policies ("DSP") and Functional Security Policies ("FSP") you attach to a role. You also have the option of creating your own DSP and FSP when you create a new role.

To author knowledge articles, a user must be assigned at least one active locale and have a role with all of these assigned:

  • Knowledge Authoring functional privilege

  • At least one content type data security policy

  • At least one department

If any of these conditions is not met, then the user cannot create articles.

Enter Basic Information

Begin creating a role by entering some basic information.

  1. On the Roles tab of the Security Console, click Create Role.

  2. On the Create Role: Basic Information page, enter the role's display name in the Role Name field. For example, enter FAQ Author.

  3. Enter a unique Role Code value. For example, enter FAQ_Author_JOB.

    Job roles use the suffix _JOB.

  4. In the Role Category field, select the appropriate role category, for example, CRM - Job Roles.

Add Functional Security Policies

When you create a role from scratch, you're most likely to add one or more duty roles to your role. You're less likely to grant function security privileges directly to the role. If you aren't granting function security privileges, click Next.

  1. On the Create Role: Functional Security Policies page, click Add Function Security Policy.

  2. In the Add Function Security Policy dialog, search for CSO and select the Knowledge Authoring privilege.

  3. Click Add Privilege to Role.

    • Select a single privilege to add only that privilege to the role, then click Add Privilege to Role to add it.

    • Select a role to add all of its privileges to the role, then click Add Selected privileges to add them.

All of the privileges you added are listed on the Create Role: Functional Security Policies page.

  • Click on a privilege to view details of the code resource that it secures.

  • Delete any privilege by selecting the privilege and clicking the Delete icon.

Note: You can add existing privileges to the new role but you can't create new functional security privileges.

Assign a Data Security Policy

Assign data security policies to the new role. You can usually use predefined policies, but you can also create a new policy.

  1. On the Data Security Policies page, click Create Data Security Policy and change the start date if you need to.

  2. Enter a policy name. The names of predefined data security policies begin with the words Grant on.

  3. Search for and select the database resource for which you're defining the policy, for example, search for a table name.

  4. Select the subset of the data made available by the database resource the policy applies to.

    • Choose Select by key to limit the data set to a single record in the data resource, then enter the primary key for the record in the database resource.

    • Choose Select by instance set to limit the data set to a subset of the data in the data resource, then select a condition that defines a subset of the data. Conditions vary by resource.

    • Choose All values to include all data from the data resource.

    Note: If the predefined conditions for a resource are not appropriate, you can create new conditions. See the topic Managing Database Resources.
  5. Complete the remaining fields, which depend on the selected combination of database resource and data set values.

  6. In the Actions field, select the actions to which this data security policy applies.

You view the new policy on the Data Security Policies page by scrolling to the end of the list of policies. You can edit Data Security Policies on the Security Console.

You can accept the default role hierarchy and click Next to continue.

Assign Users to the Role

You need to assign the new role to one or more users when you create it. The following procedure is one way to do it. There are other ways documented in Securing CX Sales and B2B Service.

Note: You must assign at least one knowledge role to each knowledge user to enable them to create or manage content.
  1. Click Add User on the Create Role: Users page.

  2. In the Add User dialog box, search for and select a user or role.

    • Select a single user to add only that user to the role, then click Add User to Role to add the user.

    • Select a role to add all of users assigned to it, then click Add Selected Users to add them.

The Create Role: Users page shows the updated role membership.

Review the Role

Review the role to ensure that it is created correctly.

  1. On the Create Role: Summary and Impact Report page, review your selections.

    • Summary listings show the functional security policies, data security policies, roles, and users you have added and removed.

    • The Impact listing shows the number of roles and users affected by your changes. Expand any of these listings to see names of policies, roles, or users included in its counts.

If you need to make changes, navigate back to the appropriate page to update the role. Once you save the role, it is immediately available on the Security Console.

Modify User Roles

You can update user capabilities by updating the roles that users already have. You can modify user-defined roles only. Predefined roles cannot be modified. You edit a role by selecting it on the Roles tab of the Security Console and clicking Edit Role. You can't change the role code.

Knowledge Role Examples

Use these examples to create Knowledge roles.

Copy and Edit an Existing Role Example

You may need to give access and capabilities to users that are not available in their current roles. You can create a new role for these users by copying and editing an existing role, and assigning the new role to them. For example, you may have agents who need to create and update FAQs. Here's how you can create a new role based on their current role, and modify it to meet your needs.

To give these agents the ability to create and update FAQs, you just need to follow a few steps:

  • make a copy of their current role

  • add authoring capabilities

  • provide access to FAQs

First, copy the role by going to the Security Console Roles page and finding the Customer Service Representative role. Choose Copy Role, Copy Top Role. Call the new role CSR Author, and also give it the code CSR_Author.

Now you add authoring capability by finding CSO in the functional security policies, then selecting and adding the Knowledge Authoring privilege.

To provide access to FAQs, which are a specific type of article, or content type, create a new data security policy in the new role. Call the new policy something like Access to FAQ. Find CSO in the database resources and select Knowledge Content Types. Since this is a copy of an existing role, leave the Data Set as Select by Key and use the reference key FAQ. Enable agents to view and update FAQs by choosing the Update Article and View Article actions. Finish by assigning the role to a user, and make sure that user has an active locale.

Create a Restricted Authoring Role Example

You may need to limit access and capabilities for certain users that are available in their current roles. You can create a new role that limits the capabilities for these users by copying and editing an existing role, and assigning the new role to them. For example, you may have authors who need to view, create, and edit articles, but do not need to publish, translate, or delete them. Most authors only need access to one application only a few types of articles, so this example shows how to create the new role for use with the Service application and Service FAQ and Service Solution articles.

Here's how you can create a new role to meet your needs. To restrict these authors from publishing, translating, and deleting articles, you just need to follow a few steps:

  • create a new role

  • add authoring capabilities

  • give access to the appropriate knowledge application

  • give access to the appropriate types of articles

  • give access to a limited set of authoring capabilities

First, create the new role by going to the Security Console Roles page and create a new role in the CRM - Job Role category. Add a description like Authoring role with only view and create privileges.

Now you add authoring capability by finding CSO in the functional security policies, then selecting and adding the Knowledge Authoring privilege. To give access to a knowledge application, the types of articles that these authors can work with, and the authoring capabilities, you add two data security policies:

  • a policy that will give the author access to the either the Service or HCM application (also known as department). In this example, you give access to the Service application.

  • a policy that will give authors privileges only to view and update certain types of articles within that application.

First, create the application policy by finding CSO in the database resources, choosing Knowledge Departments, then setting the condition to give access to the Service department. Then create a content policy by finding CSO in the database resources, choosing Knowledge Content Types, and setting the types of articles (content types) for this role to Service FAQ and Service Solution. Finally, choose only the update and view actions, so that authors can view, create, and edit articles, but will not be able to publish, translate, or delete them. Finish by assigning the role to a user, and make sure that user has an active locale.

User Groups

User groups enable you to segment the knowledge base so that different groups of users have access to different segments of the knowledge base. For example, you may grant everyone access to a portion of the knowledge base, but grant agents access to all knowledge articles. You can use either the predefined user groups that come with the application or you can add your own user groups such as Tier-1 Agents, Tier-2 Agents, Partners, Registered Customers and so on, depending on your business needs.

Nearly all user groups are exclusively tied to either the Service or HCM application (or department) and this association cannot be changed. To access HCM knowledge articles a user must belong to an HCM user group. To access Service knowledge articles a user must belong to a Service user group. There is one special user group, the Everyone user group, that is not tied to an application. Knowledge articles with the Everyone user group are accessible to all users, including unauthenticated users.

The predefined user groups are:

  • Internal Service - the internal user group associated with Service

  • Internal HCM - the internal user group associated with HCM

  • Everyone - the user group not associated with any department and that gives access to everyone including anonymous users.

  • Employee - the user group for HCM employees. Depending on your business needs, you can extend this user group to other employees of your business.

Depending on the roles assigned to them, users fall into these predefined user groups:

Role Predefined User Group

Knowledge Author HCM

Internal HCM, Employee

Knowledge Author Service

Internal Service

Knowledge Search HCM

Internal HCM, Employee

Customer Service Manager

Internal Service

Customer Service Representative

Internal Service

Human Resource Help Desk Manager

Internal HCM, Employee

Human Resource Help Desk Administrator

Internal HCM, Employee

Human Resource Help Desk Agent

Internal HCM, Employee

Knowledge Manager

Internal Service, Internal HCM, Employee

Knowledge Analyst

Internal Service, Internal HCM, Employee

Knowledge Search Service

Internal Service

When you upgrade to the current release, the upgrade process automatically updates user groups assigned to articles:

  • If an article is assigned to the Service department and the Internal user group, then the upgrade process assigns the article to the Service department and the Internal Service user group.

  • If an article is assigned to the Service department, and is not assigned a user group, then the upgrade process assigns the article to the Service department and the Everyone user group.

  • If an article is assigned to the HCM department and the Internal user group, then the upgrade process assigns the article to the HCM department and the Internal HCM user group.

  • If an article is assigned to the HCM department, and is not assigned a user group, then the upgrade process assigns the article to the HCM department and the Employee user group.

If you have configured roles with the Internal user group, you must update them by assigning either the Internal Service or Internal HCM user group.

Create User Groups

You can create, update, and delete user groups to restrict access to knowledge. You can group users such that they can access only the documents relevant to them.

Note: To create user groups, you should have the ORA_CSO_KNOWLEDGE_MANAGER_JOB role with the CSO_KNOWLEDGE_SETUP_AND_MAINTENANCE_PRIV privilege.
  1. Sign in to the application and open Setup and Maintenance.

  2. Select the Service offering and select Knowledge Management.

  3. Select Manage Knowledge User Groups and select the + icon to add a new user group.

  4. Enter a unique name and reference key for the user group. The reference key name can have only capital letters, numbers and underscore.

  5. Select a department for the user group. The department cannot be changed once the user group is created.