Use Create Formula for Document- and Role-Based Access Control
This article walks you through the Create Formula screen, starting with document-based access control, which is available on all content sources, and then turning to role-based access control, which is available only in Salesforce.
Document-Based Access Control
Restrict visibility in search results even for content sources where role-based access control is not possible because users aren't required to log in. The documents to make public or hide are selected based on their field properties, such as the title, URL, author name, create date, and others.
Role-Based Access Control
Access restrictions on Salesforce cases, articles, and other objects are carried over to indexed files by default. If a case is out of scope for a user ID inside Salesforce console, the case remains inaccessible on the search results page as well. However, sometimes admins might want to diverge from the default settings. In such scenarios, they can use Create Formula's role-based access control.
NOTE.
If Salesforce is one of your content sources, then you can extend role-based access control settings with Independent Conditions to other content sources as well.
Popular Use Cases
Fig. 1.1
Create Formula Screen
On the Content Sources screen, select a content source and a content type. Then click Create Formula. For illustration, the content source in the next image is Product Documents and the content type is Documentation.
A dialog opens. On the extreme left of the dialog is a tab in light orange, which is the object Documentation.
The remaining tabs in gray are content types (fields). Their number varies with the content source and the content type. In the next image, you can spot eight fields for the object Documentation, namely Body, Category, Content, Created Date, Heading, Last Updated, Title, and URL.
Document-based access control can be applied either on:
- Entire objects
- Individual content fields
Let's say your goal is to change visibility settings of Documents based on a document's created date. For that, click Created Date.
A dialog will open in which two fields are of interest to us:
- Action Name is where access control settings are labeled. Prefer descriptive labels. For demonstration, "Exclude May 2021" has been chosen. Our goal is to hide all the documents created in the month of May 2021 from the search results page.
- Add Conditions. User personas in Add Conditions support only Salesforce. Scroll down to User-Based Access Control to learn about them.
- Response is where field values are selected. The idea of picking field values can seem tricky at first but once grasped, you will find it intuitive. Here are two examples:
  - GOAL: Hide all the articles written by Jose Saramago. Here article is an object, author name is a field, and Jose Saramago is an author name value. The field author name can take other values as well, such as Naguib Mahfouz, Fyodor Dostoevsky, or Michel de Montaigne. But we want the action of hiding articles described in Map Rules into Formula and Formula Field Mapping (next sections) to take place only when author name has a specific value (Jose Saramago).
  - GOAL: Don't show any article drafts to external users. Article is an object, article state is a field, and in article state == draft, the field value is draft. Users are another object and user type is a field. In our case, user type == external. The goal is to hide all drafts from external users which is possible in Map Rules into Formula and Formula Field Mapping.
Illustration
GOAL: Hide the documents created in May, 2021.
Documentation is an object (Fig. 1.3) and Created Date is a field (Fig. 1.3). May, 2021 is a value of the field Created Date. We click Created Date and a new dialog opens (Fig. 1.4).
Because the goal is to hide documents, we give our action a descriptive name in Action Name. In Response, we select the date range.
Fig. 1.4
When you click Save, the dialog resembles the next image. In the left section, Rules, a row has appeared.
All we have done so far is specify that we want an action to occur when a field value is present. What that action is going to be is specified in Map Rules into Formula or Formula Field Mapping using the following four operators.
Operators
Four operators are available.
- AND. Boolean operator. Used to select two or more field values. AND (Val1, Val2, Val3) returns only those documents which have all of these three field values.
- OR. Boolean operator. Used to make a selection between two or more field values. OR (Val1, Val2, Val3) returns all the documents which have any of these three field values.
- NOT. Boolean operator. Used to exclude documents with specified field values from results. NOT (Val1) excludes all the documents with the field value Val1.
- REGEX. Interpret the field value as a regular expression. It is useful when a field is, let's say, view_href and you want to go public with or remove access to URLs from a specific host. Or when the field is title and you don't want any document with the word "archived" in it.
Rules List
The formulas are essentially Action Names with Response values. Once created, they are available for use on any content source and across all search clients. We have so far created only one Formula: Exclude May, 2021.
Map Rules into Formula
Map Rules into Formula offers a board where you can use Operators and Rules to define a formula. When at least one rule is created, the operator node starts showing up on the Map Rules into Formula Board. In the next image, you can see a simple formula, where all the articles created in May, 2021 are excluded from search results. To start with, we will select NOT from the Operator dropdown.
Click ICON, then from Add Rule, select Exclude May 2021.
Click Check Syntax and then Save.
Formula (Expression)
Formula Expression is an alternative way to write formulas. Instead of configuring a GUI, you write formulas. To obtain the same result that we have achieved through Map Rule Into Formula, write NOT(Exclude May 2021) in Formula (Expression), click Check Index, and then Save.
Formula (Expression) and Map Rule Into Formula are two alternative methods to obtain identical results.
Fig. 1.6
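The operator semantics described above, modeled in Python as an added example (not the product's own code). Nested tuples stand in for Formula (Expression) text, Python's re module stands in for the product's regex dialect, and every rule name except Exclude May 2021, along with the sample documents, is constructed for illustration. It also shows why a REGEX rule on view_href should escape dots and anchor the host.

```python
import re
from datetime import date

# Constructed index entries; field names follow the page (title, view_href, created date).
DOCS = [
    {"title": "Install Guide", "view_href": "https://docs.example.com/install",
     "created_date": date(2021, 5, 14)},
    {"title": "Release Notes (archived)", "view_href": "https://docs.example.com/rn",
     "created_date": date(2021, 6, 2)},
    {"title": "API Reference", "view_href": "https://docs.example.com.mirror.test/api",
     "created_date": date(2021, 7, 9)},
]

# A rule is an Action Name plus a Response; here each one is a predicate on a document.
RULES = {
    "Exclude May 2021": lambda d: date(2021, 5, 1) <= d["created_date"] <= date(2021, 5, 31),
    "Archived Title": lambda d: re.search(r"archived", d["title"], re.I) is not None,
    # Loose: unescaped dots and no anchor, so it also matches look-alike hosts.
    "Docs Host Loose": lambda d: re.search(r"docs.example.com", d["view_href"]) is not None,
    # Strict: scheme, escaped host and the trailing slash are all pinned.
    "Docs Host Strict": lambda d: re.match(r"https://docs\.example\.com/", d["view_href"]) is not None,
}

def evaluate(formula, doc):
    """formula is a rule name or a tuple (OPERATOR, operand, ...)."""
    if isinstance(formula, str):
        return RULES[formula](doc)
    op, *operands = formula
    results = [evaluate(o, doc) for o in operands]
    if op == "AND":
        return all(results)
    if op == "OR":
        return any(results)
    if op == "NOT" and len(results) == 1:
        return not results[0]
    raise ValueError(f"bad formula node: {formula!r}")

def visible_titles(formula):
    """Titles of the documents that the formula lets through to search results."""
    return [d["title"] for d in DOCS if evaluate(formula, d)]

if __name__ == "__main__":
    print(visible_titles(("NOT", "Exclude May 2021")))
    print(visible_titles("Docs Host Loose"), visible_titles("Docs Host Strict"))
```

The loose host rule matches all three sample documents, including the one served from a different host, while the strict rule matches only the two on docs.example.com.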
Role-Based Access Control (Salesforce)
Role-based access control is available solely for Salesforce content sources. Instead of an admin specifying them explicitly, Responses are picked based on certain user properties. The entire process has three steps, as opposed to two in document-based access control. The extra step is Add Conditions, which can be completed in three parts:
- Define User Properties
- Select an Operator
- Write a condition
Each of the steps is explained next.
User Properties
Six user properties are supported:
- UserId
- UserType
- AccountId
- ProfileId
- ContactId
- PermissionSet
Fig. 1.7
Operators
The user properties are then compared with values using operators, of which six are available.
- Equals: Equation is true when a User Property equals the specified value.
- Not Equals: Equation is true when a User Property is not equal to the specified value.
- And: Equation is true when two or more User Properties are true.
- OR: Equation is true when at least one of the User Properties is true.
- Includes: Equation is true when a User Property includes the specified value.
- Dependency in: Equation is true when a User Property equals the Response value of another Action.
Fig. 1.8
Conditions
With user properties and operators, you can create simple as well as complex conditions. One simple condition is in the next image, which hides the documents created in May 2021 only from External users. It's entirely identical to the previous condition, except that User Type is defined.
Next, either through Map Rules Into Formula or Formula (Expression), obtain the equivalent of NOT(Exclude May 2021).
Fig. 1.10
Independent Conditions
Independent Conditions are used to extend role-based access control settings, based on Salesforce, to other content sources.
Example
An organization uses Salesforce Community and another platform, let's say Confluence, to host docs. It wants to hide a document, Bug Fixes: 2021-12-04, on Confluence from external users. Document-based access control would have sufficed if the goal was to hide it from all the users. But that's not the case here. We want everyone except external users to be able to find the document. However, access control based on a user's profile is available only in Salesforce. It's exactly for such situations that Independent Conditions offers a way out.
The following example shows how you can hide a Confluence document based on its title from external users. The users are identified from Salesforce data.
Open a search client, connected with both Confluence and Salesforce Community, for editing. Next go to Content Sources, find Salesforce Community, click Create Formula, and then Independent Conditions.
Give the condition a descriptive title in Action Name. In Add Condition, set User.UserType == External. Finally, insert True in Response.
Save the settings. Then open the Confluence content source. In our case, the content source is named Docs Site.
NOTE.
Although this example is about Confluence, the same steps can be applied to any content source other than Salesforce.
Next, give the action a name, select Equals from Operator and choose Hide from External (the independent condition from Salesforce Community) from Dependency. In Response, write the title of the document that has to be hidden.
Here's a summary of what's happening here:
- Hide Bug Fixes Doc (Confluence) calls Hide From External (Salesforce Community Independent Condition)
- Hide From External (Salesforce Community Independent Condition) returns True if the user is External
- When the condition is True, Hide Bug Fixes Doc (Confluence) returns Bug Fixes: 2021-12-04 from Response
Voilà! We have just applied user-based access control on a non-Salesforce platform with Independent Conditions.
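The condition operators and the Independent Condition chain from this walkthrough, modeled in Python as an added example (not the product's own code). The tuple encoding, the Dependency interpretation (true when the named action's Response equals the given value), the closing NOT(Hide Bug Fixes Doc) formula, and the sample users and permission set names are assumptions made for illustration.

```python
# Constructed users; the property names are the ones the page lists.
USERS = {
    "partner":  {"UserType": "External", "PermissionSet": ["Community Read"]},
    "employee": {"UserType": "Standard", "PermissionSet": ["Support Agent", "KB Editor"]},
    "unknown":  {},  # no Salesforce user properties resolved for this visitor
}

def holds(cond, user, actions):
    """Evaluate one condition tuple (operator, ...) against a user's properties."""
    op = cond[0]
    if op == "Equals":
        return user.get(cond[1]) == cond[2]
    if op == "Not Equals":
        return user.get(cond[1]) != cond[2]
    if op == "Includes":
        return cond[2] in (user.get(cond[1]) or [])
    if op == "And":
        return all(holds(c, user, actions) for c in cond[1:])
    if op == "Or":
        return any(holds(c, user, actions) for c in cond[1:])
    if op == "Dependency":  # assumed: the named action's Response equals the value
        return respond(cond[1], user, actions) == cond[2]
    raise ValueError(f"unknown operator: {op}")

def respond(name, user, actions):
    """An action yields its Response only when its condition holds for the user."""
    cond, response = actions[name]
    return response if holds(cond, user, actions) else None

ACTIONS = {
    # Independent Condition defined on Salesforce Community.
    "Hide From External": (("Equals", "UserType", "External"), True),
    # Rule on the Docs Site (Confluence) content source that depends on it.
    "Hide Bug Fixes Doc": (("Dependency", "Hide From External", True),
                           "Bug Fixes: 2021-12-04"),
}
TITLES = ["Bug Fixes: 2021-12-04", "Getting Started"]  # constructed Docs Site titles

def search_results(user_name):
    """Assumed formula NOT(Hide Bug Fixes Doc): drop the title the rule returns."""
    hidden = respond("Hide Bug Fixes Doc", USERS[user_name], ACTIONS)
    return [t for t in TITLES if t != hidden]

if __name__ == "__main__":
    for name in USERS:
        print(name, search_results(name))
```

In this model a visitor with no resolved UserType does not satisfy Equals External and so still sees the document; confirm how your deployment treats such users before relying on a hide-from-External rule.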