Unable to Export from a List for snc_external users. Getting a 403 Response

ivanr
Tera Contributor

‎03-23-2017 09:54 AM

Hi All,

So I set up a data table in CSM to allow customers with the snc_external role to access table data. For some reason the users try to export from the table they are met with a 403 message, User Not Authorized. When I assign the role snc_internal, the export works just fine. Does anyone Know how to fix this? Thanks!

Screen Shot 2017-03-23 at 9.42.50 AM.png

Preview file
28 KB
0 Helpfuls
  • 2,134 Views
4 REPLIES 4

Robert_Cartwrig
Tera Expert

‎04-05-2017 03:39 PM

Interesting that this question is "Assumed Answered."   I have the same issue...so what was the answer?


0 Helpfuls

ivanr
Tera Contributor
In response to Robert_Cartwrig

‎04-26-2017 09:38 AM

The fix was adding the snc_external role to the script in the HTTPauthProccessor ACL.



var answer = false;


var basicAuthRequired = GlideContextualSecurityManager.isHTTPAuthRequired();


if (basicAuthRequired == false) {


  var sessionUser = gs.getUserName();


  var validGuestUser = GlideContextualSecurityManager.getHTTPAuthGuestUserName();


  if (sessionUser == validGuestUser || sessionUser == 'guest')


  answer = true;


}


//If basic auth was required, we wouldn't have come this far for an unauthenticated user


else {


  //By default, allow access to the processor only for internal users


  if (gs.hasRole('snc_internal') || gs.hasRole('snc_external'))


  answer = true;


}


0 Helpfuls

Robert_Cartwrig
Tera Expert
In response to ivanr

‎04-26-2017 09:52 AM

Thanks for getting back to me on this Ivanhoe.   I eventually found this, but ended up removing the script entirely in order to let the ACL use the Requires Roles functionality (didn't need anything tricky). I posted it in another thread and forgot about this one.



BTW, this worked for PDF and Excel exports...I had to take similar action on the CSVProcessor ACL for CSV exports.



Regards,


Robert


Bin Li
Tera Expert
In response to ivanr

‎06-21-2017 08:49 PM

Thanks Ivanhoe. Code works for me.



To be more specific perhaps, it is to add the 'snc_external' role to be granted in ACL, which OOTB ACL script doesn't have.



var answer = false;


var basicAuthRequired = GlideContextualSecurityManager.isHTTPAuthRequired();


if (basicAuthRequired == false) {


  var sessionUser = gs.getUserName();


  var validGuestUser = GlideContextualSecurityManager.getHTTPAuthGuestUserName();


  if (sessionUser == validGuestUser || sessionUser == 'guest')


  answer = true;


}


//If basic auth was required, we wouldn't have come this far for an unauthenticated user


else {


  //By default, allow access to the processor only for internal users


  if (gs.hasRole('snc_internal') || gs.hasRole('snc_external'))


  answer = true;


}



Cheers


Johnny


0 Helpfuls