Access Information for SharePoint KBAs

For SharePoint Knowledge Bases (KBs), it is crucial to retrieve the associated permissions for each file, allowing their usage within our Access Control List (ACL) system. Presently, we can access permissions for files, and site pages. For site pages, we support only permissions on the site level (not per site page) whereas for files we support permissions per file.

To accomplish this task, we utilize during the ingestion of the KBs the Microsoft Graph API with the following endpoint: MS_GRAPH_URL/drives/driveid/items/itemid/permissions. This API allows us to retrieve permissions associated with a particular file, and these permissions can fall into one of three categories:

Group
SiteGroup
User

By utilizing the Microsoft Graph API in this manner, we can effectively access and manage permissions for files and site pages, enabling a fine-grained control over who can access the file/site page, based on these three distinct permission types.

The resulting JSON will include the following key tags:

global:siteGroups
global:users
global:groups

{
  "tags": [
    "global:siteGroups=aicompliancechatbotdatarepository-5,aicompliancechatbotdatarepository-4,aicompliancechatbotdatarepository-3",
    "global:users=145f3684-ce2a-453d-af8a-12dcd139d311,42259589-439a-42b4-8bb2-757d61378917",
    "global:groups=group1,group2",
    "global:country=Brazil",
    "global:language=pt"
  ]
}

These tags are intended to be utilized by the Access Control List (ACL) system in conjunction with the information obtained from the user's profile who is attempting to access them. The JSON structure will help facilitate access control for site groups, users, and groups in a comprehensive manner, incorporating data from both the SharePoint site and the user's profile to determine access rights and restrictions.

How to Setup Permission Ingestion

To enable the file permissions, as previously described, you must define two fields in the Knowledge Article Fields section. These fields will be integral to the process of managing and integrating permissions within the user profiles, ensuring that the system can effectively store and utilize the necessary information for access control.

In a Sharepoint KB Datasource press the new Field Mapping button and add the 2 following mappings

Field TagKey and Sharepoint Field keys
Field TagValue and Sharepoint Field values

How to add custom TagKey and TagValue

To incorporate additional custom TagKey/TagValue pairs, you have the option to define a JavaScript function within the configuration, specifically in the custom script input text box.

The JavaScript snippet below allows you to add new pairs, such as country TagKey with a Brazil TagValue. This new pair will become a distinct element within the JSON structure under the tags array, as global:country=Brazil . This flexibility allows for the dynamic expansion of custom tagging and metadata associated with the data in the JSON representation.

function transform(jsonObject) {
    var JSONParser = Java.type('org.json.simple.parser.JSONParser');
    var JSONArray = Java.type('org.json.simple.JSONArray');
    var JSONObject = Java.type('org.json.simple.JSONObject');
    var parser = new JSONParser();
    var keysList = parser.parse(jsonObject.keys);
    keysList.add("country");
    jsonObject.keys = keysList;
    var parser = new JSONParser();
    var valuesList = parser.parse(jsonObject.values);
    valuesList.add("Brazil");
    jsonObject.values = valuesList;
    return jsonObject;
}

PreviousContent Access Control NextContent Access Control via APIs

Last updated 1 year ago

Was this helpful?

hashtagHow to Setup Permission Ingestion

hashtagHow to add custom TagKey and TagValue

How to Setup Permission Ingestion

How to add custom TagKey and TagValue