How to restrict external users so that tables on instance will not be visible to them

Spandana P
Tera Contributor

‎03-09-2022 05:19 AM

Hello,

We have a requirement wherein the external users/ customers shouldn't be able to see internal tables .

Now, the external user is able to see all the internal tables when typed sys_user.list, cmdb_ci.list etc. Though they are read-only for this user, we want it be restricted completely so that even the list view etc won't be shown to these external users.

(The roles we have given to external users are:)

find_real_file.png

Could anyone help me on this please?

Preview file
66 KB
0 Helpfuls
  • 1,795 Views
8 REPLIES 8

dmathur09
Kilo Sage
Kilo Sage

‎03-09-2022 07:24 AM

Hi JP,

OOB external users are not allowed to view any internal table or even any portal as well. This is how the functionality has been setup by Servicenow.

I would suggest to remove all the roles except the snc_external role. So that they can not see any internal data. That is the best OOB way to achieve this without any customization.

Regards,

Deepankar Mathur

0 Helpfuls

Spandana P
Tera Contributor
In response to dmathur09

‎03-10-2022 10:28 PM

Hi @Deepankar Mathur ,

Thanks but as per the client's requirements the external customer needs the additional roles provided and unfortunately we can't change that.

Is there any other way of doing it , for example when ever customer tries to open internal tables , they should be redirected to portal page instead of these tables. Is this redirection achievable , if so could you please tell me how?

Please let me know @johnfeist , @shloke04 if you think this is possible. If it's not, then I will go with table level ACLs as you guys already mentioned. 

 

 

Thanks

0 Helpfuls

dmathur09
Kilo Sage
Kilo Sage
In response to Spandana P

‎03-10-2022 11:35 PM

Hi JP,

If the roles are fix that all external users will also get these additional role. Then I would suggest to manipulate the SPEntry Script Include. So that they can not come to the native UI at all and stick to the portal only. Then it won't be required for you to update each and every ACL.

Regards,

Deepankar Mathur

0 Helpfuls

shloke04
Kilo Patron
In response to Spandana P

‎03-11-2022 02:59 AM

HI @JP 

UI Script can be an alternative here where you can check if the logged in User is having a Role as External(snc_external) and if they are trying to access a native URL other than portal then redirect them to Service Portal.

Navigate to UI Script module as shown below and use the script as shared below:

find_real_file.png

Script:

UI Type: Desktop
Global = true

addLoadEvent(function()
{
    if(!g_user.hasRoleExactly('Enter Role here') && document.URL.indexOf('.do')!= -1)
  {
   window.location='/sp'; //Replace "sp" with your portal URL here
   }
  else
  {return}

});
Just make sure to mark the Global checkbox as True in UI Script above

Proper explanation is provided by Servicenow itself in below link which you can reference:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0994806

This will remove editing of individual ACL as well and you should be good with your requirement.

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke
Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke
Preview file
25 KB
0 Helpfuls