Use Create Formula for Document- and Role-Based Access Control

This article walks you through the Create Formula screen, starting with document-based access control which is available on all content sources and then turning to role-based access control, available only in Salesforce. For concrete examples, check out Example 1: Hide a Document Based on Its URL in the Related section.

Document-Based Access Control

Restrain visibility in search results even for those content sources where role-based access control is not possible because the users aren't required to log in. The documents to go public or invisible are selected based on their field properties, such as the title, URL, author name, create date, and others.

Role-Based Access Control

Access restrictions on Salesforce cases, articles, and other objects are carried over to indexed files by default. If a case is out of scope for a user ID inside Salesforce console, the case remains inaccessible on the search results page as well. However, sometimes admins might want to diverge from the default settings. In such scenarios, they can use Create Formula's role-based access control.


If Salesforce is one of your content sources, then you can extend role-based access control settings with Independent Conditions to other content sources as well.

Popular Use Cases

Fig. 1.1

Create Formula Screen

On the Content Sources screen, select a content source and a content type. Then click Create Formula. For illustration, the content source in the next image is Product Documents and the content type is Documentation.

A dialog opens. On the extreme left of the dialog is a tab in light orange, which is the object Documentation.

The remaining tabs in gray are content types (fields). Their number varies with the content source and the content type. In the next image, you can spot eight fields for the object Documentation, namely Body, Category, Content, Created Date, Heading, Last Updated, Title, and URL.

Document-based access control can be applied either on:

  1. Entire objects
  2. Individual content fields

Let's say your goal is to change visibility settings of Documents based on a document's created date. For that, click Created Date.

A dialog will open in which two fields are of interest to us:

  1. Action Name is where access control settings are labeled. Prefer descriptive labels. For demonstration, "Exclude May 2021" has been chosen. Our goal is to hide all the documents created in the month of May 2021 from the search results page.
  2. Add Conditions. User personas in Add Conditions support only Salesforce. Scroll down to User-Based Access Control to learn about them.
  3. Response is where field values are selected. The idea of picking field values can seem tricky at first but once grasped, you will find it intuitive. Here are two examples:
    • GOAL: Hide all the articles written by Jose Saramago. Here article is an object, author name is a field, and Jose Saramago is an author name value. The field author name can take other values as well, such as Naguib Mahfouz, Fyodor Dostoevsky, or Michel de Montaigne. But we want the action of hiding articles described in Map Rules into Formula and Formula Field Mapping (next sections) to take place only when author name has a specific value (Jose Saramago).
    • GOAL. Don't show any article drafts to external users. Article is an object, article state is a field and in article state == draft, the field value is draft. Users are another object and user type is a field. In our case, user type == external. The goal is to hide all drafts from external users which is possible in Map Rules into Formula and Formula Field Mapping.



GOAL: Hide the documents created in May, 2021.

Documentation is an object (Fig. 1.3) and Created Date is a field (Fig. 1.3). May, 2021 is a value of the field Created Date. We click Created Date and a new dialog opens (Fig. 1.4).

Because the goal is to hide documents, we give our action a descriptive name in Action Name. In Response, we select the date range.

Fig. 1.4

When you click Save, the dialog resembles the next image. In the left section, Rules, a row has appeared.

All we have done so far is specify that we want an action to occur when a field value is present. What that action is going to be is specified in Map Rules into Formula or Formula Field Mapping using the following four operators. 


Four operators are available.

  • AND. Boolean operator. Used to select two or more field values. AND (Val1, Val2, Val3)  returns only those documents which have all of these three field values.
  • OR. Boolean operator. Used to make a selection between two or more field values. OR (Val1, Val2, Val3) returns all the documents which have any of these three field values.
  • NOT. Boolean operator. Used to exclude documents with specified field values from results. NOT (Val1) excludes all the documents with the field value Val1.
  • REGEX.Interpret the field value as a regular expression. It is useful when a field is, let's say, view_href and you want to go public with or remove access to URLs from a specific host. Or when the field is title and you don't want any document with the word "archived" in it.

Rules List

The formula are essentially Action Names with Response values. Once created, they are available for use on any content source and across all search clients. We have so far created only one Formula: Exclude May, 2021.

Map Rules into Formula

Map Rules into Formula offers a board where you can use Operators and Rules to define a formula. When at least one rule is created, the operator node starts showing up on the Map Rules into Formula Board. In the next image, you can see a simple formula, where all the articles created in May, 2021 are excluded from search results. To start with, we will select NOT from the Operator dropdown.

Click ICON, then from Add Rule, select Exclude May 2021.

Click Check Syntax and then Save.

Formula (Expression)

Formula Expression is an alternative way to write formulas. Instead configuring a GUI, you write formulas. To obtain the same result that we have achieved through Map Rule Into Formula, write NOT(Exclude May 2021) in Formula (Expression), click Check Index, and then Save.

Both Formula (Expression) and Map Rule Into Formula are two alternative methods to obtain identical results.

Fig. 1.6

Role-Based Access Control (Salesforce)

Role-based access control is solely available for Salesforce content sources. Instead of an admin specifying explicitly, Responses are picked based on certain user properties. The entire process has three steps, as opposed to two in document-based access control. The extra step is Add Conditions, which can be completed in three parts: 

  1. Define User Properties
  2. Select an Operator
  3. Write a condition

Each of the steps is explained next.

User Properties

Six user properties are supported: 

  • UserId
  • UserType
  • AccountId
  • ProfileId
  • ContactId
  • PermissionSet

Fig. 1.7


The user properties are then compared with values using operators, of which six are available.

  • Equals: Equation is true when User Property equals to the specified value.
  • Not Equals: Equation is true when User Property is not equal to the specified value.
  • And: Equation is true when two or more User Properties are true.
  • OR: Equation is true at least of the User Properties is true.
  • Includes: Equation is true when a User Property includes the specified value.
  • Dependency in: Equation is true when a User Property equals the Response value of another Action.

Fig. 1.8


With user properties and operators, you can create simple as well as complex creations. One simple condition is in the next image which hides the documents created in May 2021 only to External users. It's entirely identical to the previous condition, except that User Type is defined.

Next either through Map Rules Into Formula or Formula (Expression), obtain the equivalent of NOT(Exclude May 2021).

Fig. 1.10

Independent Conditions

Independent Conditions are used to extend role-based access control settings, based on Salesforce, to other content sources.


An organization uses Salesforce Community and another to host docs, let's say Confluence. It wants to hide a document, Bug Fixes: 2021-12-04, on Confluence from external users. Document-based access control would have sufficed if the goal was to hide it from all the users. But that's not the case here. We want everyone, but external users, to be able to find the document. However, access control based on a user's profile is available only in Salesforce. It's exactly for such situations that Independent Conditions offers a way out.

The following example shows how you can hide a Confluence document based on its title from external users. The users are identified from Salesforce data.

Open a search client, connected with both Confluence and Salesforce Community, for editing. Next go to Content Sources, find Salesforce Community, click Create Formula, and then Independent Conditions.

Give the condition a descriptive title in Action Name. In Add Condition, set User.UserType == External. Finally, insert True in Response.

Save the settings. Then open the Confluence content source. In our case, the content source is named Docs Site.


Although this example is about Confluence, the same steps can be applied to any content source other than Salesforce.

Next, give the action a name, select Equals from Operator and choose Hide from External (the independent condition from Salesforce Community) from Dependency. In Response, write the title of the document that has to be hidden.

Here's a summary of what's happening here:

  • Hide Bug Fixes Doc (Confluence) calls Hide From External (Salesforce Community Independent Condition)
  • Hide From External (Salesforce Community Independent Condition) returns True if the user is External
  • When the condition is True, Hide Bug Fixes Doc (Confluence) returns Bug Fixes: 2021-12-04 from Response

VoilĂ ! We have just applied user-based access control on a non-Salesforce platform with Independent Conditions.

Example 1: Hide a Document Based on Its URL