External users should not be able to see the internal tables
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2022 01:59 AM
Hi Community,
The external users are able to see the internal tables in the instance. The user with snc_external role when try to open the instance url with the table name at the end. They are able to access it.
For eg: If an external user with snc_external role logs in to servicenow instance and try the url like this:
https://example.service-now.com/sys_user_list.do
Then the user is being landed on the user table. Which should not happen.
Can someone help me on how to achieve the restriction on this.
- Labels:
-
Script Debugger
-
Scripting and Coding
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2022 02:08 AM
Configure an ACL with snc_internal role on that table or any other roles you want.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2022 02:14 AM
Hi Smriti,
The external user is able to see all the tables in the instance not just the user table but all tables. If the user gives the table name at the end of the instance name like below:
https://example.service-now.com/sys_user_list.do
https://example.service-now.com/cmdb_ci_list.do
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2022 02:36 AM
you can decide * for all all tables and * for all fields and give snc_internal as role.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2022 03:51 AM
