Allowing external access to Processor

Go to solution
David King
Giga Contributor

‎08-11-2018 08:03 PM

Hi all,

I'm looking at setting up a processor that allows shorter URL's to KB articles. I was wondering if there's a good way to allow external access (Via ACL?) to a specific processor?

Background

Links to our KB articles currently look like:

https://instancename.service-now.com/csm?id=kb_article&sys_id=7abc123odadoiwagbdwaiohvsuicpoe6

I've got a processor which shortens the links to:

https://instancename.service-now.com/help?article=KB00001

The marketing department will be much happier pasting this into their social media links!

The Processor

It's a relatively simple thing that executes the following:

(function process(g_request, g_response, g_processor) {
	
	var article = g_request.getParameter("article");
	
	//Query table for Knowledge article
	var kb = new GlideRecord('kb_knowledge');
	kb.addQuery('number',  article); //Key, query value
	kb.query();
		
	//Default url if not found
	var url = 'https://devinstance.service-now.com/csm';
	
	//While we have results
	while (kb.next()) {
		if (kb.number.toString() == article.toString()){
			url = url + '?id=kb_article&sys_id=' + kb.sys_id.toString();
		}
	}
	//Redrect to base csm addr or found kb article
	g_processor.redirect(url);
		
})(g_request, g_response, g_processor);

The CSM endpoint is accessible by external users, they don't need to be logged in to navigate the service portal and read KB and News articles.

However, this processor is set up in the global namespace with the previously mentioned /help endpoint.
Navigating to <instance.com>/help requires a user to log in.

Is there a safe way to enable access to this specific endpoint for external users?
Any comments are appreciated!

Regards,

David

0 Helpfuls
  • 3,165 Views
1 ACCEPTED SOLUTION

Go to solution
Goran WitchDoc
ServiceNow Employee
ServiceNow Employee
In response to Goran WitchDoc

‎08-13-2018 06:23 AM

Got it.

to make the processor public you need to do 1 or 2 things. If you don't have CSM or any other application that might activate the snc_internal/snc_external roles then you just need step 1.

 

1. Create the processor, go to sys_public.list and add the path there. Then in the url use <path>.do and it will work.

2. if you have the snc-roles thingie. Then you also need to edit the roles field on the processor. Now this isn't visible from start and ServiceNow has been kind to add the role snc_internal there by default which of course the none loggedin user doesn't have. Here you need to remove that and then add the role public instead. 

Then it should work :). I think I'll make a video of this 🙂 and steal your idea about it 😉

 

//Göran

View solution in original post

16 REPLIES 16

Go to solution
Goran WitchDoc
ServiceNow Employee
ServiceNow Employee

‎08-12-2018 01:58 AM

You can use ACLs on processors. Here is link to some documentation: Processor ACL rules

Never done this myself, but I think your way should work. Just a quick not on your query, if you are using versioning, you might need to change it to get the correct one. but then again, depending on how you show it on the portal, the widgets might take care of that for you as well.

//Göran

Go to solution
David King
Giga Contributor
In response to Goran WitchDoc

‎08-12-2018 01:24 PM

Thanks Goran, good to know its possible!

I've applied an ACL but the endpoint is still inaccessible by external users, here's what the ACL looks like now:

find_real_file.png

I'm not 100% sure if the "name" field references the specific processor or not (I've set it to the processors name currently), is it possible that I have another ACL that clashes with this one? Or is this just configured incorrectly from the get go?

 

Please forgive my lack of familiarity, I've got the Dev side down somewhat but still trying to get better with the ACL / business requirements side of things, appreciate your help thus far!

Preview file
56 KB
0 Helpfuls

Go to solution
David King
Giga Contributor
In response to David King

‎08-12-2018 01:29 PM

Ah, after a bit of reading I can confirm it is the name of the processor.

However I'm seeing this at the bottom of the ACL:

find_real_file.png

It makes me wonder if the processor is linked correctly. I'm assuming so, as there's nothing else that needs to be configured. I'll start looking at potentially conflicting ACL's, though I assume this debugging stage could take a wee while

Preview file
8 KB
0 Helpfuls

Go to solution
Goran WitchDoc
ServiceNow Employee
ServiceNow Employee
In response to David King

‎08-13-2018 06:09 AM

Hmm.. got me puzzled here. You need to add the page to sys_public.list to get it public. And you need to add a .do in you url like https://instancename.service-now.com/help.do?article=KB00001

But when I do that I still get "Security restricted when invoking processor". And the ACL thingie doesn't seem to be in affect, since I tested to put it to require admin role, and still normal users could use it, but not the "not logged in ones".

This got me curious, lets see if we can find the issue here.

 

//Göran

0 Helpfuls