Block Non-ITIL access to UI page - Fails after login (New Tab Issue)
an hour ago
Dear ServiceNow Community,
Non-ITIL/end users can access a specific UI page after logging in and opening it in a new tab, despite script includes checking roles on server/client sides. It works correctly during initial login but fails post-login.
Current Setup & Issue:
Script Include: Checks gs.hasRole('itil') on server; returns false for non-ITIL.
Client Script: Uses g_user.hasRole('itil') to hide elements/redirect.
Problem: Blocks fine on initial login, but logged-in non-ITIL users bypass via new tab/navigation.
Questions:
How to enforce ITIL-only access across sessions/tabs in Zurich?
ACL on sys_ui_page record? UI Condition? Session-based User Criteria?
Client script fix for g_user context in new tabs?
54m ago
A ui_page ACL is the correct way to manage UI page access. From a UX perspective, I understand why a redirect may sometimes be appropriate, but the client browser can block the redirection.
hasRole returns true for any role if the user has admin (there may be other nuances, but I can't think of any). For strict role checks, use something like GlideUser.getRoles().indexOf('role') !== -1
You'll need to show your code if you want us to figure out exactly what's happening.
