Skip to main content
Question

User-Specific Access Control for Ivanti IT Knowledge Articles in Moveworks

  • April 9, 2026
  • 3 replies
  • 43 views
J
Forum|alt.badge.img

Hi Moveworks Community,

I’m currently working on configuring Ivanti IT Knowledge articles ingestion within Moveworks via the following path:

Moveworks Setup → Enterprise Search → Search → Configure Search → Classic Ingestion → Internal Knowledge

I wanted to understand how we can implement user-specific permissions or access control for knowledge articles ingested from Ivanti IT.

Specifically:

  • How can we ensure that only authorized users or user groups can access certain knowledge articles?

  • Does Moveworks respect source-level permissions from Ivanti IT during ingestion, or do we need to configure access control separately within Moveworks?

  • Are there recommended best practices for mapping user roles/groups between Ivanti and Moveworks to enforce these restrictions?

Any guidance, documentation references, or examples would be really helpful.

 

    3 replies

    rgeroulo
    Forum|alt.badge.img+2
    • rgeroulo
    • Community Manager
    • May 19, 2026

    Hi ​@Jaspreettk!

    Moveworks supports 4 permission strategies as outlined in the Permissions Platform doc. With that said, Moveworks does not respect the native Ivanti permissions (ReBAC) per the Supported Content Connectors - Classic doc. To have control over these IT articles, the RBAC (using DSL) would be the path forward.

    You can leverage any user attribute (ex. is_Manager=true) to define your DSL rule to control who should have access to these IT articles.

    If wanting to ingest the native Ivanti permissions, the path forward would be to create a Content Gateway for the permission ingestion. This is going to be the heaviest lift on the customer side, as it requires setting up REST APIs to allow Moveworks to poll the permissions. I would be curious if the RBAC approach will be sufficient.

    Best,

    Ryan

      J
      Forum|alt.badge.img
      • Jaspreettk
      • Author
      • New Participant
      • May 26, 2026

      Thanks Ryan, this helps clarify the approach.

      We do not want Ivanti-specific permission rules to impact other connectors or ingested content in Moveworks. Based on your explanation, my understanding is that we can configure rules specifically for Ivanti article URLs, and restrict access only to certain user groups for that content.

      This approach should allow other connectors to continue using their existing permission models independently.

      rgeroulo
      Forum|alt.badge.img+2
      • rgeroulo
      • Community Manager
      • May 26, 2026

      @Jaspreettk yes, each external system will have its own permission strategy. For example, a set of permission strategies could be something like:

      1. Sharepoint files use ReBAC
      2. Confluence is available to all users
      3. Ivanti uses RBAC and the rule is user.department IN [“IT”, “IT Support”]

      As you can see and as you mentioned, each system has its own configuration and is mutually exclusive.

      Best,

      Ryan

        Terms & ConditionsAccessibility statement