We've updated the ServiceNow Community Code of Conduct, adding guidelines around AI usage, professionalism, and content violations. Read more

Blocking Employee Center for certain users

Go to solution
Ryan S
Mega Sage

Tuesday

How can I prevent certain users (based on their roles) from accessing the employee center?

 

I can redirect to /sp or the SOW easily enough, but that doesn't prevent the user from simply changing the url to /esc. I want to prevent them from accessing /esc unless they have a certain role.

0 Helpfuls
  • 543 Views
2 ACCEPTED SOLUTIONS

Go to solution
Ankur Bawiskar
Tera Patron

Tuesday

@Ryan S 

let them go to ESC portal, you can add a widget on that homepage or use UI script and check what role they have

if they don't satisfy then take them to SOW or SP or wherever you want

1) Approach 1: Widget

How to strictly restrict Portal access by Role? 

2) Approach 2: UI Script

Another method is to use UI script, see below link for approach

Solution: Redirecting Users to the CSM Portal Based on Roles in ServiceNow

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader

View solution in original post

0 Helpfuls

Go to solution
Ryan S
Mega Sage

yesterday - last edited yesterday

Here's the final solution details. My 'true/false' answer may seem backwards but it works. Anyone who meets certain criteria in the Script Include who I want to access the ESC I return 'false.' Anytime they enter any /esc url they are directed back to /sp. (Edited to add the details around redirect at the bottom.)

Script Include:

Name = 'getMyPortal'

Application = 'global'

Accessible from = 'All Application Scopes'

Glide AJAX Enabled = TRUE

Script:

var getMyPortal = Class.create();
getMyPortal.prototype = Object.extendsObject(AbstractAjaxProcessor, {

    xPortal: function() {
        var hasITIL = gs.getUser().hasRole('itil');
		var com = gs.getUser().getCompanyID();
		var isMyCompany = false;
		if (com == '<company sysID>') {
			isMyCompany = true;
		}
//        if (hasITIL || isMyCompany) { //check company people or users with ITIL can get to Employee Center
		if (isMyCompany) {	//only check company can get to /esc
            return false;
		 } else {
            return true;
    	}
	}
});

UI Script:

Name = 'getMyPortalUIScript'

UI Type = 'All'

Application = 'global'

(function() {

    var ga = new GlideAjax('getMyPortal');
    ga.addParam('sysparm_name', 'xPortal');
    ga.getXML(NewParse);

    function NewParse(response) {
        var answer = response.responseXML.documentElement.getAttribute("answer");
        if (answer == 'true') {

            window.location = '/sp';
        }
    }
})();

The sp_portal record for /esc is using an sp_theme. The sp_theme has an entry on the 'JS Includes' related list. That entry is:

Display Name = 'getMyPortalUIScript' (not sure if the name actually matters)

Source = UI Script

Application  = Employee Center

UI Script = reference to 'getMyPortalUIScript'

 

From a redirect perspective, so users are automatically redirected from platform to /esc or /sp:

Script Include:

Name = SPEntryRedirector

Application = global

Accessible from = This application scope only

var SPEntryRedirector = Class.create();
SPEntryRedirector.prototype = {
  initialize: function() {},

  getFirstPageURL: function() {
    var userGR = new GlideRecord('sys_user');
    if (!userGR.get(gs.getUserID())) return null;

    var internalCompanySysId = '<company sysid>'; // company sys_id
    var isInternal = (userGR.company && userGR.company.toString() === internalCompanySysId);
    var hasItil = gs.hasRole('itil');

    // Let ServiceNow handle itil users
    if (hasItil)
      return null;

    // Only route non-itil users
    if (isInternal)
      return '/esc';
    else
      return '/sp';
  },

  type: 'SPEntryRedirector'
};

 

System Property:

Name = glide.entry.first.page.script

Type = string

Value = new SPEntryRedirector().getFirstPageURL();

View solution in original post

0 Helpfuls
9 REPLIES 9

Go to solution
Ankur Bawiskar
Tera Patron
In response to Ryan S

Wednesday

@Ryan S 

With some customization in OOTB Script Include of SPEntryPage you can take user to particular SP or ESC portal on login.

But if they change URL and manually visit then that won't work.

For that you need to take the approach I shared above.

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
In response to Ankur Bawiskar

Wednesday

@Ryan S 

I believe I shared a working approach from that link and you can enhance it further.

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Go to solution
Ryan S
Mega Sage

Wednesday

Thanks @Ankur Bawiskar for the links. I was able to combine option 2 with an old note that referenced this article (Service Portal Domain Separation workaround - ServiceNow Community).

I was able to use the UIScript, Script Include, with a JSInclude on the theme for my ESC. This appears to be preventing any users from accessing the ESC based on whatever conditions I want to set in my script include, and it's still following my existing redirect logic so I don't have to worry about platform view.

Thanks again

0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
In response to Ryan S

Wednesday

@Ryan S 

Glad to know.

Please do share detailed solution so that it helps other members in future.

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Go to solution
Ryan S
Mega Sage

yesterday - last edited yesterday

Here's the final solution details. My 'true/false' answer may seem backwards but it works. Anyone who meets certain criteria in the Script Include who I want to access the ESC I return 'false.' Anytime they enter any /esc url they are directed back to /sp. (Edited to add the details around redirect at the bottom.)

Script Include:

Name = 'getMyPortal'

Application = 'global'

Accessible from = 'All Application Scopes'

Glide AJAX Enabled = TRUE

Script:

var getMyPortal = Class.create();
getMyPortal.prototype = Object.extendsObject(AbstractAjaxProcessor, {

    xPortal: function() {
        var hasITIL = gs.getUser().hasRole('itil');
		var com = gs.getUser().getCompanyID();
		var isMyCompany = false;
		if (com == '<company sysID>') {
			isMyCompany = true;
		}
//        if (hasITIL || isMyCompany) { //check company people or users with ITIL can get to Employee Center
		if (isMyCompany) {	//only check company can get to /esc
            return false;
		 } else {
            return true;
    	}
	}
});

UI Script:

Name = 'getMyPortalUIScript'

UI Type = 'All'

Application = 'global'

(function() {

    var ga = new GlideAjax('getMyPortal');
    ga.addParam('sysparm_name', 'xPortal');
    ga.getXML(NewParse);

    function NewParse(response) {
        var answer = response.responseXML.documentElement.getAttribute("answer");
        if (answer == 'true') {

            window.location = '/sp';
        }
    }
})();

The sp_portal record for /esc is using an sp_theme. The sp_theme has an entry on the 'JS Includes' related list. That entry is:

Display Name = 'getMyPortalUIScript' (not sure if the name actually matters)

Source = UI Script

Application  = Employee Center

UI Script = reference to 'getMyPortalUIScript'

 

From a redirect perspective, so users are automatically redirected from platform to /esc or /sp:

Script Include:

Name = SPEntryRedirector

Application = global

Accessible from = This application scope only

var SPEntryRedirector = Class.create();
SPEntryRedirector.prototype = {
  initialize: function() {},

  getFirstPageURL: function() {
    var userGR = new GlideRecord('sys_user');
    if (!userGR.get(gs.getUserID())) return null;

    var internalCompanySysId = '<company sysid>'; // company sys_id
    var isInternal = (userGR.company && userGR.company.toString() === internalCompanySysId);
    var hasItil = gs.hasRole('itil');

    // Let ServiceNow handle itil users
    if (hasItil)
      return null;

    // Only route non-itil users
    if (isInternal)
      return '/esc';
    else
      return '/sp';
  },

  type: 'SPEntryRedirector'
};

 

System Property:

Name = glide.entry.first.page.script

Type = string

Value = new SPEntryRedirector().getFirstPageURL();

0 Helpfuls