Managed Permissions

Overview

Moveworks imports a variety of user attributes such as division, department, country code from Chat, ITSM, or IDAM integrations. These user attributes can be made available to the Moveworks Access Control Platform to be used to configure access control for resources such as forms and knowledge natively within Moveworks, without having to rely on a 3rd party system.

📘

Managed Permissions cannot be co-exist with Mirrored Permissions

For any integration that supports mirrored permissions, the managed permissions setup cannot be configured simultaneously.

Supported Restrictions

Moveworks can enable restrictions on any user attribute imported into the Moveworks user profile, and the following attributes of an article:

  1. Knowledge base of the knowledge platform. e.g:
    1. For ServiceNow, this is the "knowledge base"
    2. For Confluence, this is the "space"
    3. For Sharepoint, this is the "site"
    4. For Moveworks FAQs, this is the "Sheet tab"
  2. Information on the HTML url of the article

Example restrictions

  1. Only show articles from the HR ServiceNow Knowledge Base to users in specific countries:
    1. e.g: (resource.knowledge_base.$LOWERCASE() IN ["ITHELP".$LOWERCASE()]) AND (user.country_code.$LOWERCASE() IN ["Cambodia", "Thailand", "Vietnam".$LOWERCASE()])
  2. Only show articles from the ITHELP Confluence space to users in the Engineering division
    1. e.g: (resource.knowledge_base.$LOWERCASE() IN ["ITHELP".$LOWERCASE()]) AND (user.division.$LOWERCASE() IN ["Engineering".$LOWERCASE()])