What is the best way to hide OOB Application navigator items for a custom scoped app user?

dhruvd
Tera Expert

‎07-21-2023 03:34 AM

In our use case, we have a custom applicaiton users who has custom application specific access. However those roles are able to access "Create New" for Demand, able to access "Change Password" etc.

What should be the best approach to hide these application menu items like these for a user, who should have access to only the scope specific menu items?

 

Thanks,

Dhruv

0 Helpfuls
  • 886 Views
2 REPLIES 2

Community Alums
Not applicable

‎07-21-2023 03:58 AM

Hi @dhruvd ,

 

  1. Navigate to All > System Definition > Application Menus.
  2. If you are enabling an application menu, click All in the breadcrumbs to display both active and inactive application menus (remove the default filter condition).
  3. Click the desired title. The application menu record opens and the Modules related list shows the modules that appear in the application navigator.
  4. Enable or disable the application menu and modules as desired.
    Option Description
    Enable or disable a specific module in the application
    1. Double-click the Active field beside the module name in the Modules related list.
    2. Set Active to true (show) or false (hide).
    Enable or disable multiple modules at the same time
    1. Select the check boxes next to the module names.
    2. Select Change active state from the Actions choice list.
    Enable or disable the entire application menu (for example, Incident or Service Catalog) Select or clear the Active check box.
    Restrict the application menu to specific roles Use the Roles field.
  5. Click Update.
    When you change application menus or modules, the application navigator automatically refreshes to display the changes.

 

0 Helpfuls

Riya Verma
Kilo Sage
Kilo Sage

‎07-21-2023 04:19 AM

Hi @dhruvd ,

 

Hope you are doing great.

 

The best approach is to create a new ACL rule that targets the application menu items we want to restrict access to. This ACL rule should be scoped to only affect the users who have access to the specific custom application.

Here's a general outline of the steps to implement the solution:

  1. Create a New ACL Rule: In the ServiceNow instance, navigate to "System Security" -> "Access Control Rules" and create a new record for the ACL rule.

  2. Configure the ACL Rule:

    • Set the "Name" and "Description" for the ACL rule to provide clarity.
    • In the "Applies to" field, specify the application menu item that you want to restrict access to. This can be done by referencing the menu item's sys_id or by selecting it from the list.
    • In the "Script" field, write a condition that targets the users with access to the specific custom application. This may involve checking roles, group memberships, or other criteria that define access to the custom application.

  3. Set the Operation: Choose the "Operation" to be "Read" or "Write" depending on whether you want to restrict read or write access to the menu item.

  4. Save the ACL Rule: Save the ACL rule to apply the access restriction.

 
Please mark the appropriate response as correct answer and helpful, This may help other community users to follow correct solution.
Regards,
Riya Verma
0 Helpfuls