Blocking Contingent/contractors from accessing the HR Portal (Employee Center)

Go to solution
Rob Sestito
Mega Sage

‎05-24-2022 01:07 PM

Hey Team,

Looking for ideas if anyone has any and/ or if anyone has done this before.

We have contingent works that to not use our HR department for anything. We want to block their access to the employee service center.

Currently, from our main IT Service Portal, a contingent worker would not see the HR Widget Icon:

find_real_file.png

However, if a contingent worker were to change the URL to match ESC:

find_real_file.png

They will see the portal for HR. Contingent workers will usually get only a few roles. That includes the sn_hr_sp.hrsp_contingent and sn_hr_core.hrsm_contingent. Is there something that we can do to block their access (or hide) the ESC portal specifically? We still want them to have access to the IT Service Portal.

Thanks in advance,

-Rob

Preview file
4 KB
Preview file
99 KB
0 Helpfuls
  • 1,404 Views
1 ACCEPTED SOLUTION

Go to solution
Rob Sestito
Mega Sage

‎06-01-2022 12:08 PM

I ended up finding the Activate the user criteria for Service Portal plugin

This let me use or add the Can View and Cannot View tabs under Related Links to each Portal pages, widgets, and widget instances forms.

With specific criteria I already had, I was able to add it to the Cannot View for each of these as per the instructions from the document, and I am now able to hide the HR Portal completely from Contingent workers.

View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
Community Alums
Not applicable

‎05-24-2022 08:34 PM

Hi @Rob Sestito ,

sn_hr_sp.hrsp_contingent role is mainly responsible to have access to the portal and have you figured out from where this role is getting assigned?

0 Helpfuls

Go to solution
Rob Sestito
Mega Sage
In response to Community Alums

‎05-25-2022 06:50 AM

Hey @Sandeep Dutta - 

I know what the role is doing - and SN docs say it is not recommended to modify.

sn_hr_sp.hrsp_contingent contains sn_hr_core.hrsm_contingent

I see that this role has My HR Requests in it as a module, but that shows as inactive

find_real_file.png

Unfortunately - I am not sure what you mean by "have you figured out from where this role is getting assigned?"

Are you able to provide more details or anything else as to what I can do?

Thanks,

-Rob

Preview file
32 KB
0 Helpfuls

Go to solution
Lena_Latham
ServiceNow Employee
ServiceNow Employee

‎05-25-2022 09:49 AM

The sn_hr_sp.hrsp_contingent role is assigned automatically by the system based on the HR Profile. In this case, it provides access to the Employee Center. More about that on Docs: Client Roles

As for how to prevent access, have you seen THIS POST about restricting access via the Taxonomy? Perhaps some Can Read and Cannot Read criteria would be the solution for you.

 

Best,

Lena

 

0 Helpfuls

Go to solution
Rob Sestito
Mega Sage
In response to Lena_Latham

‎05-25-2022 10:42 AM

Hey Lena,

Yes I am actually part of that post with an answer to their question THIS POST. HR Services/Record Producers are already doing their part with who gets access and who does not.

An easy(ish) way so far from what I am finding is using roles. I see that the sn_hr_sp.hrsp_contingent role comes with added access, one of which is the EC.

I tested with adding the hr basic role on the Portal Page properties which a contingent workers does not have. However, that only blocked them from see the main page dashboard. They were still able to look at the dropdown mega menu, footer, etc. That is not what I need - I need the entire page to not be found. 

Thank you,

-Rob

0 Helpfuls