Populate records on CSM portal

Szilard
Tera Guru

‎05-26-2025 03:55 AM

Hello experts,

I'm trying to display a filtered list of core_company records in a Catalog Item (CSM Portal) to a user with the snc_external role. The ACLs are script-based and only allow users to see their own company. However, I want to show a filtered list of companies (based on custom logic) in a dropdown — even to users who normally can't see all company records due to ACL restrictions.

I’ve tried Reference Qualifier, GlideAjax, REST API, populating a Select Box via g_form.addOption(), using system properties, and various workarounds — but on the CSM Portal, these are either blocked by ACL or don’t render due to UI limitations.

I need a solution where:

  • The user sees a list of valid companies (names),

  • On selection, the corresponding sys_id is stored for use in the workflow,

  • ACLs are respected for data access but not blocking the UI visibility.

Any suggestions for how to achieve this in CSM Portal context?

 

Thanks in advance

  • 454 Views
4 REPLIES 4

Ankur Bawiskar
Tera Patron
Tera Patron

‎05-26-2025 04:00 AM

@Szilard 

for snc_external users to see companies they should have table level READ ACL allowing them to see

without this it's won't work.

You will have to create table.None READ ACL and add snc_external role and also ensure the name field on core_company is accessible to them.

If there is field level READ ACL on name field then you need to create that as well for snc_external users

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls

Szilard
Tera Guru
In response to Ankur Bawiskar

‎05-26-2025 04:43 AM

Hello Ankur,

Thanks for the reply, but that’s exactly the issue — I don't want to grant general read access to the core_company table for snc_external users. The visibility is intentionally restricted via ACL scripts, and that should remain in place for everything outside of this one specific use case.

What I’m trying to achieve is:
- to display a list (array) of filtered company names (with sys_ids) returned by a Script Include,
- inside a specific variable of a specific Catalog Item,
- for a restricted user (like snc_external),
- without bypassing or weakening the ACLs globally.

Everywhere else, visibility should still follow the ACLs as designed.

So I’m looking for a safe UI-friendly way to show the Script Include’s result just here, without breaking security elsewhere.

0 Helpfuls

KrishnaMohan
Giga Sage
In response to Szilard

‎05-26-2025 05:01 AM - edited ‎05-26-2025 05:02 AM

Hi @Szilard ,

 

you can create custom variable and widget as shown below

KrishnaMohan_0-1748260669430.png

 

Now create choice list in using html css, client script and fetch core company details in widget. Please refer below image.

KrishnaMohan_1-1748260815434.png

If my response helped please mark it correct and close the thread so that it benefits future readers.

Thanks and Regards,
Krishnamohan

 

0 Helpfuls

Mark Manders
Mega Patron

‎05-26-2025 04:56 AM

What you want, can't be done. The ACL is deciding what the snc_external users can see. You can't go around that, because it's the wall that makes sure you can't get through.


If you are in front of a safe that can only be opened with a key, you can't get in without that key. There is no backdoor, no sidedoor. You will have to get the key to open it. 

ServiceNow, by default, only allows snc_external users to see their own company/account. If you want to change that, you will have to update the ACL. Your script include may be filtering the list of companies you want to see, but your ACL will tell you that you aren't allowed to see them, unless it's your own.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
0 Helpfuls