Content Visibility and Permission Management in Knowledge Management

This document outlines the mechanisms used to control content visibility and discovery within the Knowledge Management (KM) ecosystem. It defines how different audience types interact to ensure the right users see the right information across search, browsing, and downstream experiences like Policy Hub.


Core Concept: The Two Permission Layers

To manage a KM system effectively, you must distinguish between who can manage the content and who can see the content.

| Layer | Type | Controls... | Roles |
|---|---|---|---|
| Dashboard Access | RBAC / Permissions | Who can author, edit, review, or move content inside the KM dashboard. | Admin, Owner, Collaborator, Reviewer |
| Audience Visibility | Applicability | Who can discover and consume content in end-user interfaces (Bot, Webview, Search). | Employees, Bot Users, Specific Segments |

Note: Audience management is strictly about visibility and applicability, not editing rights.


1. Global Audience Management

The "Central Library" Approach

Global audiences are reusable user groups defined at the workspace level. They serve as the foundational building blocks for visibility rules.

  • Definition: Centralized groups (e.g., "North America Sales," "HR Business Partners") maintained by KM Admins.
  • Usage: Folder or article owners select these pre-defined audiences when restricting content to a "Specific Audience."
  • Product Behavior:
    • Reusable: One audience can be applied to thousands of articles.
    • Stable Reference: Downstream systems use a consistent ID to filter content for the user.


2. Folder-Level Audience Management

The "Scoped Branch" Approach

This mechanism allows admins to attach visibility rules to a specific folder or category, ensuring all content within that branch follows a uniform policy.

Core Controls

  • Audience Type: Toggle between All users (public) or Specific audience (restricted).
  • State Sensitivity: Apply rules specifically to Drafts, Published content, or both.
  • Inheritance: Enabling Apply to all children pushes the folder’s setting down to every sub-folder and article in the tree.

Key Considerations

  • Precedence: Clear rules are required if a child article has a different setting than its parent; determine if the child can override the parent.
  • Movement: Moving an article into a restricted folder triggers immediate inheritance. Users should be notified to prevent accidental "dark launches."
  • Versioning: Updating a folder's audience may require a re-publish step to ensure the live end-user experience matches the new settings.
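
The inheritance, precedence and movement rules above can be made concrete with a small resolver. This is an added sketch, not the product's code: the `Node` class, the `aud-hr-bp` audience ID, the `child_can_override` switch and the "nearest pushing ancestor wins" rule are all assumptions chosen for illustration.

```python
ALL_USERS = "ALL_USERS"  # stands in for the "All users" audience type

class Node:
    """A folder or article in the KM tree (hypothetical model)."""
    def __init__(self, name, audience=None, parent=None, apply_to_children=False):
        self.name = name
        self.audience = audience                    # audience ID, or None if unset
        self.parent = parent
        self.apply_to_children = apply_to_children  # folder's "Apply to all children"

def effective_audience(node, child_can_override):
    """Audience that actually governs `node`.

    Assumed rule: the nearest ancestor with "Apply to all children" wins,
    unless the precedence policy lets a child keep its own explicit setting.
    """
    if node.audience is not None and child_can_override:
        return node.audience
    ancestor = node.parent
    while ancestor is not None:
        if ancestor.apply_to_children and ancestor.audience is not None:
            return ancestor.audience
        ancestor = ancestor.parent
    # Own setting, or None when nothing governs the node (caller must decide).
    return node.audience

def move(node, new_parent, child_can_override=False):
    """Re-parent `node` and report whether its visibility changed."""
    before = effective_audience(node, child_can_override)
    node.parent = new_parent
    after = effective_audience(node, child_can_override)
    # A change on move is the case where the owner should be notified.
    return {"before": before, "after": after, "notify_owner": before != after}

# Constructed tree: a public handbook folder and a restricted HR folder.
root = Node("root", ALL_USERS)
handbook = Node("Handbook", ALL_USERS, parent=root, apply_to_children=True)
hr = Node("HR Cases", "aud-hr-bp", parent=root, apply_to_children=True)

if __name__ == "__main__":
    article = Node("Leave policy", ALL_USERS, parent=handbook)
    print(move(article, hr))  # visibility narrows, so notify_owner is True
```

With `child_can_override=True` the same move leaves an article that has its own explicit setting unchanged, which is why the precedence decision has to be made before inheritance is enabled.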

3. Connector-Level Management

The "Automated Visibility" Approach

For large-scale repositories (SharePoint, Google Drive), manual tagging is inefficient. KM uses two automated methods to determine visibility based on the source system.

3A. Path-Based Access Control (PBAC)

This uses folder path keywords and user attributes to filter visibility dynamically.

  • Mechanism: If Path contains [Keyword], then User must have [Attribute].
  • Example: A folder path containing /UK_Benefits/ is only visible to users where Location == 'United Kingdom'.
  • Pros: Scalable; no manual sharing required.
  • Cons: Highly dependent on clean information architecture and consistent naming conventions.
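
An added sketch of a PBAC check, not the product's implementation: the `PathRule` type, the attribute names and the sample paths are constructed. It assumes keywords are matched against whole path segments rather than arbitrary substrings, and it includes an audit helper that surfaces paths no rule covers, which is where inconsistent naming shows up.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PathRule:
    keyword: str    # path segment to look for, e.g. "UK_Benefits"
    attribute: str  # user profile attribute that must match
    required: str   # value the attribute must hold

# Constructed rules; the first mirrors the /UK_Benefits/ example above.
RULES = [
    PathRule("UK_Benefits", "location", "United Kingdom"),
    PathRule("Mobile", "product_area", "Mobile"),
]

def segments(path):
    """Split a source path into case-folded segments."""
    return [s.casefold() for s in path.replace("\\", "/").split("/") if s]

def is_visible(path, user, rules=RULES):
    """Every rule whose keyword appears as a path segment must be satisfied."""
    segs = segments(path)
    for rule in rules:
        if rule.keyword.casefold() not in segs:
            continue
        # A missing attribute is a deny, never a pass.
        if user.get(rule.attribute) != rule.required:
            return False
    return True

def unmatched_paths(paths, rules=RULES):
    """Paths no rule applies to. They are unrestricted, so review them."""
    keys = {r.keyword.casefold() for r in rules}
    return [p for p in paths if not keys & set(segments(p))]

if __name__ == "__main__":
    us_user = {"location": "United States"}
    print(is_visible("/HR/UK_Benefits/leave.pdf", us_user))   # False
    # Naming drift (hyphen instead of underscore): no rule fires.
    print(is_visible("/HR/UK-Benefits/leave.pdf", us_user))   # True
    print(unmatched_paths(["/HR/UK-Benefits/leave.pdf"]))
```

Running `unmatched_paths` over a connector's full path listing before go-live gives a review list of folders that PBAC will leave visible to everyone.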

3B. Connector-Synced Permissions

KM maps the Access Control Lists (ACLs) directly from the source system to the KM visibility layer.

  • Mechanism: If a user can read a file in SharePoint, they can discover it in KM.
  • Source of Truth: The external system (Google Drive/SharePoint) dictates the permissions.
  • Watch-out: Ensure that the permissions are properly maintained. If a connector's permissions are ambiguous, the system should not default to "Global Visibility."
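
The watch-out above amounts to a fail-closed check on the synced ACL. The following is an added sketch, not the product's code: the record layout, the `km_id` mapping field and the 24-hour freshness window are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_ACL_AGE = timedelta(hours=24)  # assumed freshness window, not a product value

def acl_state(record, now):
    """Return 'ok', or the reason the synced ACL cannot be trusted."""
    if record is None or record.get("readers") is None:
        return "missing"   # sync failed or the ACL was never fetched
    if now - record["synced_at"] > MAX_ACL_AGE:
        return "stale"     # source permissions may have changed since the sync
    return "ok"

def can_discover(user_principals, record, now):
    """Return (allowed, reason). Every ambiguous state denies."""
    state = acl_state(record, now)
    if state != "ok":
        return False, state
    # Readers that could not be mapped to a KM principal grant nothing.
    granted = {r["km_id"] for r in record["readers"] if r.get("km_id")}
    if granted & set(user_principals):
        return True, "acl-match"
    return False, "not-in-acl"

# Constructed sample records, shaped as a connector might store them.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
FRESH = {
    "synced_at": NOW - timedelta(hours=1),
    "readers": [
        {"source": "sp:group/HR", "km_id": "grp-hr"},
        {"source": "sp:user/unknown", "km_id": None},  # unmapped principal
    ],
}
STALE = dict(FRESH, synced_at=NOW - timedelta(days=3))
FAILED = {"synced_at": NOW, "readers": None}

if __name__ == "__main__":
    for name, rec in [("fresh", FRESH), ("stale", STALE), ("failed", FAILED)]:
        print(name, can_discover({"grp-hr"}, rec, NOW))
```

Logging the returned reason for every deny makes it possible to tell a genuine "not in ACL" result apart from a broken or outdated sync.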

Decision Framework: Audience Management Strategy

This guide helps you select the appropriate audience management type based on your organizational structure, content ownership, and governance model.


Strategic Selection Matrix

| Org Structure | Primary Approach | Why? |
|---|---|---|
| Centralized | Folder-Level | A single KM team manages curated content for the entire company with high precision. |
| Divisional | Global Audiences | Reusable regional/departmental segments (e.g., "EMEA") are applied across various BU folders. |
| Matrixed / Global | Connector-Level | High-volume, cross-functional data requires automated rules (PBAC) or synced ACLs to scale. |

Implementation by Org Type

1. Centralized (Functional)

  • Structure: Standard departments (HR, IT, Finance) with a centralized headquarters.
  • Strategy: Folder-Level Management.
  • Logic: Since a core team authors and controls the "Source of Truth" wikis, manual folder-level rules ensure the highest level of accuracy for internal content.

2. Decentralized (Divisional / Geographic)

  • Structure: Independent Business Units or Regions (e.g., North America vs. APAC) with local content authors.
  • Strategy: Global Audiences.
  • Logic: Admins define a shared library of audiences (e.g., "Sales - UK"). This allows different division leads to apply the same standardized restrictions to their respective sub-folders without duplicating efforts.

3. Matrixed (Global / High Volume)

  • Structure: Complex reporting lines where employees belong to multiple groups (e.g., "UK Product Manager" working on "Mobile").
  • Strategy: Connector-Level (PBAC or Synced ACLs).
  • Logic: Manual tagging fails at this scale. Path-Based Access Control (PBAC) automatically filters visibility by matching folder path keywords (e.g., /UK/Mobile/) to specific user attributes in their profile. Another (recommended) way is to inherit the permissions managed within your knowledge base, such as SharePoint or Google Drive.

The Golden Rule of Governance

"Manual for Quality, Automated for Scale."

  • Internal/High-Touch: Use Folder-Level for handcrafted, internal knowledge.
  • External/High-Volume: Use Connector-Level for massive, IT-managed repositories (SharePoint/Google Drive).

Quick-Start Guide

| If the requirement is... | Use this approach... |
|---|---|
| "Only Directors should see this specific folder." | Folder-Level + Global Audience (Directors) |
| "UK staff should only see UK-specific SharePoint files." | Connector-Level (PBAC using /UK/ path) |
| "This is a public handbook for the whole company." | Folder-Level (Set to All Users) |
| "Mirror the permissions already set in our Google Drive." | Connector-Synced Permissions |