
How to configure ACLs so users can see tickets created by other users in Service Portal?

patricklatella
Mega Sage

Hi all,

I'm working on a customer service portal, and in the portal I need to allow non-roled users to see a widget called "My company's incidents", and then for them to be able to see all the records on the incident table that have the "company" field set to their company, regardless of who created it.  Is this possible?  The query I have on the widget is correct, but when impersonating users I cannot see the records created by other users.  Anyone know how to do this?

1 ACCEPTED SOLUTION

DScroggins
Kilo Sage
Hi Patrick, You can modify the before query business rule "incident query" on the incident table. You can adjust the script to allow users to see the records according to whatever requirements you have. Currently only users who are the caller or opened by can see the incidents if they don't have roles. Once you modify the BR then the incident record will show in portal.


21 REPLIES

patricklatella
Mega Sage

Hi David, so I'm working with the script in the "incident query" business rule, but so far no luck.  Here's my script, with this the logged in user can see no records at all...logged in user is a "non roled" user.  Can you see the error in my script?

if (!gs.hasRole('itil') && gs.isInteractive()) {
    var u = gs.getUser();
    var c = gs.getUser().getCompanyID();
    gs.info('logged in user company is ' + c); // this is logging the correct company
    var qc = current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u).addCondition('company', c);
    gs.print("query restricted to user: " + u);
}
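
The visibility rule asked for in this thread (the user's own records, plus every incident whose company matches theirs), written as the body of a before-query business rule. This is an added example, not code from any poster and not ServiceNow's shipped rule. `restrictIncidentQuery` and its return labels are hypothetical, and it assumes the incident `company` field holds the same sys_id that `getCompanyID()` returns.

```javascript
// Added example for a before-query business rule on the incident table.
// gs and current are the platform objects the thread's script already uses;
// restrictIncidentQuery and its return labels are hypothetical names.
function restrictIncidentQuery(current, gs) {
    // Fulfillers and non-interactive sessions keep their normal visibility.
    if (gs.hasRole('itil') || !gs.isInteractive()) {
        return 'unrestricted';
    }

    // sys_id string of the logged-in user (not the user object).
    var userId = gs.getUserID();

    // A row is visible if the user is caller, opener, or on the watch list ...
    var qc = current.addQuery('caller_id', userId)
        .addOrCondition('opened_by', userId)
        .addOrCondition('watch_list', 'CONTAINS', userId);

    // ... OR if the row belongs to the user's company.
    var raw = gs.getUser().getCompanyID();
    var company = raw ? String(raw) : '';
    if (company === '') {
        // User record has no company: adding company = '' would expose every
        // incident with an empty company field, so fall back to own records.
        return 'own-records-only';
    }
    qc.addOrCondition('company', company);
    return 'own-or-company';
}

// Inside the business rule, current and gs exist as globals and the filter is
// applied; anywhere else (for example a local test run) this call is skipped.
if (typeof current !== 'undefined' && typeof gs !== 'undefined') {
    restrictIncidentQuery(current, gs);
}
```

The rule only shapes which rows a query returns; read ACLs on the incident table are still evaluated on top of it.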

The SN Nerd
Giga Sage

I'd strongly recommend reaching out to your licensing manager before continuing.

If you grant end-users visibility to all of their organization's tickets, you are essentially giving them a fulfiller role, and your license count will go through the roof. You are violating the intent of an unlicensed role which could get you in trouble if/when you are audited.


ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022

Hi Paul,

thanks so much for chiming in with that...will definitely do that.

Quick note, this is for a Customer Service Portal, so external facing, so the idea is that we want non-roled users from outside our organization to be able to come to this portal to view their tickets that they have logged with us.  They would only be able to view and add comments just like a normal internal user would do on a service portal.  Any issues you foresee there?

Then secondly, we'd like to add a feature where these external users (which are part of specific teams working together for the external company, and again all non-roled) would be able to view all the tickets that have been created by anyone from the external customer, but again in our Customer Service Portal..and again only to view and to add comments.

Still think there could be an issue?  Again thanks so much.

It could still be an issue.

An unroled user OOTB can only see tickets they have raised, or been raised on behalf of. Depending on your agreement, if you give an unroled user any role, they may become licensed.

If you are doing this without giving them a role, it is a bit of a grey area. It goes against the intent but might be considered acceptable depending on the use case.

If it is read access only within their company it might be ok - but I'd suggest checking with your ServiceNow licensing manager.

Just a side note that I could be wrong about this, as each customer's agreement is different. This is just my experience!

Good luck 🙂


ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022

Thanks again Paul...we'll definitely check with our licensing manager.