--- title: Permission Checker deprecated: false hidden: true metadata: robots: index --- ## What is Permission Checker? The Permission Checker tool is a new feature inside MW Setup that allows customer admins and partners to verify whether a specific user has access to specific knowledge base articles or files by entering the user's email address. If the user has permissions, the result displays `Has permission: True`, otherwise `Has permission: False`. **The permission details section displays the following details:** * **Permission Strategy**: Shows the permission strategy configured in Core Platform > Resource Permissions > Permission Rules page > **Strategy Config** * If the ReBAC is selected, it displays `Native Permissions` * If ABAC/Public to all members of the organization is selected, it displays `Moveworks Enforced Permissions` * **Additional Rules**: ****Shows the DSL rules configured in Core Platform > Resource Permissions > Permission Rules page > **Additional Restrictions** (ReBAC only) **Troubleshooting Use Cases for Permission Checker Tool:** * A user complains that they cannot find specific documents or KB articles in their search results, even though they should have access * After updating access controls, group memberships, or permission rules, you need to confirm that changes took effect correctly * Need to verify that new employees/UAT users can access required knowledge base content * After a configuration change, need to validate that content permissions are functioning correctly ![](https://files.readme.io/18bb8a275e9df941584d0bc2e2ba2c833cbf834a1c854633224b3f0dec308692-image.png) ![](https://files.readme.io/b918ce82ffa3b39067c0f097d50e826cc455b2999b12b05728d1479ea7d6f49f-image.png) ## How to Access and Use the Permission Checker in MW Setup? To verify if a user has access to a specific KB article or file: 1. Navigate to **MW Setup > Enterprise Search > Answers > Ingested Knowledge** 2. Select **Internal Knowledge** or **Files** and click on any record 3. **Check the permission details** to review the permission strategy (Native Permissions or Moveworks Enforced Permissions) and any additional restrictions (if any) 4. Click **'View Permission For User'** → Enter user's email → Click **'View Permission'** 5. Review the results 1. If the user has permission: the result will show `Has permission: True` 2. If the user doesn't have permission: the result will show `Has permission: False` 3. In case of any errors such as invalid user or user not present in the system, a `'Not able to fetch permissions'` error will be displayed **Note:** If permissions are not ingested, it’ll display a `'0 Permission Ingested'` error. ## FAQs * **When content has both Native Permissions and Additional Restrictions configured, how is access determined?** * Permission Checker applies Additional Restrictions on top of Native Permissions using **AND** logic - both the native source permissions AND the additional DSL rules must allow access for the result to show "True.” * **I see "Native Permissions" as the permission strategy but ‘-’ in the Additional Rules - does this mean no restrictions are applied?** * Correct, if Additional Rules shows "-" or is empty, only the source system's native permissions are being used without any additional Moveworks-defined restrictions * **Does Permission Checker work for ServiceNow content even though ACL permissions aren't displayed in the UI?** * Yes, Permission Checker can evaluate ServiceNow content permissions, but we do not support showing ACL ingestion yet * **Why does ServiceNow content show `"Permission Ingested: False"` and display `"0 Permission Ingested"` errors?** * This is a known limitation that will be resolved in the upcoming ServiceNow-specific enhancements * **After updating permissions in the external system, how long should I wait before testing with Permission Checker?** * Wait for your next scheduled ingestion cycle to complete - Permission Checker reflects permissions as of the last successful ingestion, not real-time source system changes * **Can I use Permission Checker to bulk test multiple users against the same document?** * No, Permission Checker supports individual user testing only