
Remove access from self service application for a specific role user

Nitya Mudaliar
Tera Contributor

There is a new set of external users who will have a new role created and will need access to only one scoped application. Giving access to the scoped application in the Native UI is not the issue here - the issue is how to hide/restrict access for these new users from the Self Service Application.

The Self Service application is available to anyone with the mandatory role snc_internal. This role gets added automatically (even after we try to remove it) to these users, and hence these users are able to access the self-service application.

Is there a way to restrict them from accessing this application?

Thanks in Advance!!

-Nitya

3 REPLIES

Rajesh Mushke
Mega Sage

Hello Nitya,




Mandatory roles


You can give both internal users and external users access to your instance. However, you might not want both types of users to have the same level of access. To provide added security, every user must have at least one role so the instance can distinguish between the users that are internal and the users that are external.


Prior to the Geneva release, ESS users had no role, but were still considered part of your organization and could access basic system resources by default, such as an ESS home page. Starting with the Geneva release, ESS users can obtain the snc_internal role and still retain the same level of access they had prior to Geneva.


External users must obtain, at minimum, the snc_external role. This role indicates that the user is external to your organization and should not have any access to resources unless you explicitly allow access through ACLs for the snc_external role, or you explicitly grant them additional roles. By default, users with the snc_external role are unable to access non-record type resources as well, such as processors and UI pages.


You should not mark the snc_internal role as elevated. Otherwise, internal users could not access the instance.


Note: You can use encryption contexts with the snc_internal and snc_external roles. However, adding encryption contexts to more detailed roles is recommended.


The Explicit Roles plugin

The Explicit Roles (com.glide.explicit_roles) plugin provides the snc_external and snc_internal roles. This plugin is activated automatically when you activate the Customer Service Portal.


When this plugin is activated:
  • All existing users are automatically assigned the snc_internal role. This role does not change existing access levels or system behavior. Rather, it provides a category to differentiate internal users from external users. All internal users maintain the same level of access as before the plugin was activated.
  • All existing ACLs that do not have a role requirement are automatically assigned the snc_internal role. Because both existing ACLs and roles are assigned the snc_internal role, existing access levels do not change.
  • External users must obtain, at minimum, the snc_external role to access the instance. This role is automatically assigned to external Customer Service Portal contacts. If the Customer Service Portal is not activated, this role must be manually granted to external users. Access to records is granted through ACLs.

Note: This plugin also requires the Contextual Security plugin.


Providing access to external users

You can grant external users access to tables by creating a set of ACLs for the table. See Provide external users access to a table. Another approach you can take is to give all external users access to all tables, and then restrict access to specific tables. You can do this by adding the snc_external role to the * ACL that is of Type ui_page.

The hasRoles() method

The hasRoles() method is still available, but is deprecated in the Geneva release. Use the hasRole(role name) method instead. If you do use the hasRoles() method, note these changes:
  • This method automatically excludes the default snc_internal role when it checks for roles. This means that if a user has only the snc_internal role, the hasRoles() method still returns false.
  • If the user has the snc_external role, false is returned because the instance considers external users as without a role.


Thanks,
Rajashekhar Mushke
Rising star : 2022 - 2024
Community Leader -2018
Connect me on LinkedIn : Rajashekhar Mushke
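
A simplified model of the role behaviour described in the reply above, added here as an example (it is not ServiceNow platform code and not from the poster). It shows why an external user is kept out of a role-less resource only while snc_internal is absent; the ACL names, the x_app_user role and all function names are hypothetical.

```javascript
// Added illustration: a simplified model, not ServiceNow platform code.
const INTERNAL = 'snc_internal';
const EXTERNAL = 'snc_external';

// Plugin activation as described above: ACLs without a role requirement
// are assigned snc_internal.
function activateExplicitRoles(acls) {
  return acls.map(acl => ({
    ...acl,
    roles: acl.roles.length === 0 ? [INTERNAL] : acl.roles,
  }));
}

// Simplified role check: pass if the user holds at least one required role.
// Conditions, scripts and admin overrides are left out of this model.
function aclAllows(acl, userRoles) {
  return acl.roles.some(r => userRoles.includes(r));
}

// Deprecated hasRoles() as described above: snc_internal is ignored and
// a user with snc_external counts as having no role.
function hasRoles(userRoles) {
  if (userRoles.includes(EXTERNAL)) return false;
  return userRoles.some(r => r !== INTERNAL);
}

// Constructed sample data (hypothetical ACL names and scoped-app role).
const acls = activateExplicitRoles([
  { name: 'self_service_page', roles: [] },
  { name: 'scoped_app_table', roles: ['x_app_user'] },
]);
const users = {
  employee: [INTERNAL],
  externalOnly: [EXTERNAL, 'x_app_user'],
  externalPlusInternal: [EXTERNAL, INTERNAL, 'x_app_user'],
};

// Returns { user: { aclName: true|false } } for every user/ACL pair.
function accessMatrix() {
  const out = {};
  for (const [who, roles] of Object.entries(users)) {
    out[who] = Object.fromEntries(acls.map(a => [a.name, aclAllows(a, roles)]));
  }
  return out;
}

console.log(accessMatrix());
```

In this model the third user passes the self_service_page check solely because snc_internal is present alongside snc_external, while hasRoles() reports false for all three users and so cannot tell them apart.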

madanm7786
Mega Guru

Nitya Mudaliar
Tera Contributor

Thanks Maddy - your solution worked!! - the Solution -



Create a Catalog Variable of type "Macro"


Add a UI page - this will work on the Native UI


Add a widget - this works for the Service Portal.



Thanks,


Nitya