Allowing External Users to Select Users via Reference Field in CSM Portal
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hello,
I’m looking to understand whether it is possible to allow external users interacting with the CSM Portal to use a reference variable within a service request to select from a list of users.
Specifically, I am trying to determine if there is a secure and supported way to present a filtered list of users (both internal and external) based on shared attributes such as:
- Company
- Account
- Domain
The goal is to enable external users to select relevant users associated with their organisation, while ensuring appropriate access controls and data segregation are maintained.
If anyone has implemented a similar requirement or can advise on recommended patterns, I would greatly appreciate your guidance.
Many thanks for your support.
Liam
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Data within CSM is controlled by query rules. These control what a user has access to based on a role and a condition for that table.
So yes, your first 2 attributes are possible. For domain, are you referring to a domain separated environment? As that adds additional complexity
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
Hi Kieran, thanks for your reply!
Yes, our instance is a domain separated environment. I also want to ensure that I'm following ServiceNow best practices and therefore avoid modifying OOB ACL's.
Many thanks again for your support!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
In order to view the records, they'll need to have visibility of the data based on domain inheritance. That'll be your first hurdle as you may need to setup visibility groups.
CSM query rules then sit on top of this to further restrict (or allow) access.
Have you verified whether your domain structure allows your users to view the data if that data is in another domain?