Use Create Formula for Document- and Role-Based Access Control
This article walks you through the Create Formula screen, starting with document-based access control which is available on all content sources and then turning to role-based access control, available only in Salesforce. For concrete examples, check out Example 1: Hide a Document Based on Its URL in the Related section.
Document-Based Access Control
Restrain visibility in search results even for those content sources where role-based access control is not possible because the users aren't required to log in. The documents to go public or invisible are selected based on their field properties, such as the title, URL, author name, create date, and others.
Role-Based Access Control
Access restrictions on Salesforce cases, articles, and other objects are carried over to indexed files by default. If a case is out of scope for a user ID inside Salesforce console, the case remains inaccessible on the search results page as well. However, sometimes admins might want to diverge from the default settings. In such scenarios, they can use Create Formula's role-based access control.
If Salesforce is one of your content sources, then you can extend role-based access control settings with Independent Conditions to other content sources as well.
Popular Use Cases
Create Formula Screen
On the Content Sources screen, select a content source and a content type. Then click Create Formula. For illustration, the content source in the next image is Product Documents and the content type is Documentation.
A dialog opens. On the extreme left of the dialog is a tab in light orange, which is the object
The remaining tabs in gray are content types (fields). Their number varies with the content source and the content type. In the next image, you can spot eight fields for the object
Document-based access control can be applied either on:
- Entire objects
- Individual content fields
Let's say your goal is to change visibility settings of
Documents based on a document's created date. For that, click
A dialog will open in which two fields are of interest to us:
- Action Name is where access control settings are labeled. Prefer descriptive labels. For demonstration, "Exclude May 2021" has been chosen. Our goal is to hide all the documents created in the month of May 2021 from the search results page.
- Add Conditions. User personas in Add Conditions support only Salesforce. Scroll down to User-Based Access Control to learn about them.
- Response is where field values are selected. The idea of picking field values can seem tricky at first but once grasped, you will find it intuitive. Here are two examples:
- GOAL: Hide all the articles written by Jose Saramago. Here
articleis an object,
author nameis a field, and
Jose Saramagois an
author name value. The field author name can take other values as well, such as Naguib Mahfouz, Fyodor Dostoevsky, or Michel de Montaigne. But we want the action of hiding articles described in Map Rules into Formula and Formula Field Mapping (next sections) to take place only when author name has a specific value (
- GOAL. Don't show any article drafts to external users. Article is an
article stateis a
article state == draft, the field value is
user typeis a
field. In our case,
user type == external. The goal is to hide all drafts from external users which is possible in Map Rules into Formula and Formula Field Mapping.
- GOAL: Hide all the articles written by Jose Saramago. Here
GOAL: Hide the documents created in May, 2021.
Documentation is an
object (Fig. 1.3) and
Created Date is a
field (Fig. 1.3).
May, 2021 is a
value of the field
Created Date. We click
Created Date and a new dialog opens (Fig. 1.4).
Because the goal is to hide documents, we give our action a descriptive name in Action Name. In Response, we select the date range.
When you click Save, the dialog resembles the next image. In the left section, Rules, a row has appeared.
All we have done so far is specify that we want an action to occur when a field value is present. What that action is going to be is specified in Map Rules into Formula or Formula Field Mapping using the following four operators.
Four operators are available.
- AND. Boolean operator. Used to select two or more field values.
AND (Val1, Val2, Val3)returns only those documents which have all of these three field values.
- OR. Boolean operator. Used to make a selection between two or more field values.
OR (Val1, Val2, Val3)returns all the documents which have any of these three field values.
- NOT. Boolean operator. Used to exclude documents with specified field values from results.
NOT (Val1)excludes all the documents with the field value
- REGEX.Interpret the field value as a regular expression. It is useful when a field is, let's say,
view_hrefand you want to go public with or remove access to URLs from a specific host. Or when the field is
titleand you don't want any document with the word "archived" in it.
The formula are essentially Action Names with Response values. Once created, they are available for use on any content source and across all search clients. We have so far created only one Formula: Exclude May, 2021.
Map Rules into Formula
Map Rules into Formula offers a board where you can use Operators and Rules to define a formula. When at least one rule is created, the operator node starts showing up on the Map Rules into Formula Board. In the next image, you can see a simple formula, where all the articles created in May, 2021 are excluded from search results. To start with, we will select
NOT from the Operator dropdown.
Click ICON, then from Add Rule, select Exclude May 2021.
Click Check Syntax and then Save.
Formula Expression is an alternative way to write formulas. Instead configuring a GUI, you write formulas. To obtain the same result that we have achieved through Map Rule Into Formula, write NOT(Exclude May 2021) in Formula (Expression), click Check Index, and then Save.
Both Formula (Expression) and Map Rule Into Formula are two alternative methods to obtain identical results.
Role-Based Access Control (Salesforce)
Role-based access control is solely available for Salesforce content sources. Instead of an admin specifying explicitly, Responses are picked based on certain user properties. The entire process has three steps, as opposed to two in document-based access control. The extra step is Add Conditions, which can be completed in three parts:
- Define User Properties
- Select an Operator
- Write a condition
Each of the steps is explained next.
Six user properties are supported:
The user properties are then compared with values using operators, of which six are available.
- Equals: Equation is true when User Property equals to the specified value.
- Not Equals: Equation is true when User Property is not equal to the specified value.
- And: Equation is true when two or more User Properties are true.
- OR: Equation is true at least of the User Properties is true.
- Includes: Equation is true when a User Property includes the specified value.
- Dependency in: Equation is true when a User Property equals the Response value of another Action.
With user properties and operators, you can create simple as well as complex creations. One simple condition is in the next image which hides the documents created in May 2021 only to External users. It's entirely identical to the previous condition, except that User Type is defined.
Next either through Map Rules Into Formula or Formula (Expression), obtain the equivalent of NOT(Exclude May 2021).
Independent Conditions are used to extend role-based access control settings, based on Salesforce, to other content sources.
An organization uses Salesforce Community and another to host docs, let's say Confluence. It wants to hide a document, Bug Fixes: 2021-12-04, on Confluence from external users. Document-based access control would have sufficed if the goal was to hide it from all the users. But that's not the case here. We want everyone, but external users, to be able to find the document. However, access control based on a user's profile is available only in Salesforce. It's exactly for such situations that Independent Conditions offers a way out.
The following example shows how you can hide a Confluence document based on its title from external users. The users are identified from Salesforce data.
Open a search client, connected with both Confluence and Salesforce Community, for editing. Next go to Content Sources, find Salesforce Community, click Create Formula, and then Independent Conditions.
Give the condition a descriptive title in Action Name. In Add Condition, set
User.UserType == External. Finally, insert
True in Response.
Save the settings. Then open the Confluence content source. In our case, the content source is named Docs Site.
Although this example is about Confluence, the same steps can be applied to any content source other than Salesforce.
Next, give the action a name, select
Equals from Operator and choose
Hide from External (the independent condition from Salesforce Community) from Dependency. In Response, write the title of the document that has to be hidden.
Here's a summary of what's happening here:
Hide Bug Fixes Doc(Confluence) calls
Hide From External(Salesforce Community Independent Condition)
Hide From External(Salesforce Community Independent Condition) returns
Trueif the user is
- When the condition is
Hide Bug Fixes Doc(Confluence) returns
Bug Fixes: 2021-12-04from Response
Voilà! We have just applied user-based access control on a non-Salesforce platform with Independent Conditions.
Last updated: Tuesday, February 27, 2024
Or, send us your review at firstname.lastname@example.org