Blocking Employee Center for certain users

Ryan S · Tuesday

How can I prevent certain users (based on their roles) from accessing the employee center?

I can redirect to /sp or the SOW easily enough, but that doesn't prevent the user from simply changing the url to /esc. I want to prevent them from accessing /esc unless they have a certain role.

Ankur Bawiskar · Tuesday

@Ryan S

let them go to ESC portal, you can add a widget on that homepage or use UI script and check what role they have

if they don't satisfy then take them to SOW or SP or wherever you want

1) Approach 1: Widget

How to strictly restrict Portal access by Role?

2) Approach 2: UI Script

Another method is to use UI script, see below link for approach

Solution: Redirecting Users to the CSM Portal Based on Roles in ServiceNow

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader

View solution in original post

Ryan S · yesterday

Here's the final solution details. My 'true/false' answer may seem backwards but it works. Anyone who meets certain criteria in the Script Include who I want to access the ESC I return 'false.' Anytime they enter any /esc url they are directed back to /sp. (Edited to add the details around redirect at the bottom.)

Script Include:

Name = 'getMyPortal'

Application = 'global'

Accessible from = 'All Application Scopes'

Glide AJAX Enabled = TRUE

Script:

var getMyPortal = Class.create();
getMyPortal.prototype = Object.extendsObject(AbstractAjaxProcessor, {

    xPortal: function() {
        var hasITIL = gs.getUser().hasRole('itil');
		var com = gs.getUser().getCompanyID();
		var isMyCompany = false;
		if (com == '<company sysID>') {
			isMyCompany = true;
		}
//        if (hasITIL || isMyCompany) { //check company people or users with ITIL can get to Employee Center
		if (isMyCompany) {	//only check company can get to /esc
            return false;
		 } else {
            return true;
    	}
	}
});

UI Script:

Name = 'getMyPortalUIScript'

UI Type = 'All'

Application = 'global'

(function() {

    var ga = new GlideAjax('getMyPortal');
    ga.addParam('sysparm_name', 'xPortal');
    ga.getXML(NewParse);

    function NewParse(response) {
        var answer = response.responseXML.documentElement.getAttribute("answer");
        if (answer == 'true') {

            window.location = '/sp';
        }
    }
})();

The sp_portal record for /esc is using an sp_theme. The sp_theme has an entry on the 'JS Includes' related list. That entry is:

Display Name = 'getMyPortalUIScript' (not sure if the name actually matters)

Source = UI Script

Application = Employee Center

UI Script = reference to 'getMyPortalUIScript'

From a redirect perspective, so users are automatically redirected from platform to /esc or /sp:

Script Include:

Name = SPEntryRedirector

Application = global

Accessible from = This application scope only

var SPEntryRedirector = Class.create();
SPEntryRedirector.prototype = {
  initialize: function() {},

  getFirstPageURL: function() {
    var userGR = new GlideRecord('sys_user');
    if (!userGR.get(gs.getUserID())) return null;

    var internalCompanySysId = '<company sysid>'; // company sys_id
    var isInternal = (userGR.company && userGR.company.toString() === internalCompanySysId);
    var hasItil = gs.hasRole('itil');

    // Let ServiceNow handle itil users
    if (hasItil)
      return null;

    // Only route non-itil users
    if (isInternal)
      return '/esc';
    else
      return '/sp';
  },

  type: 'SPEntryRedirector'
};

System Property:

Name = glide.entry.first.page.script

Type = string

Value = new SPEntryRedirector().getFirstPageURL();

View solution in original post

Ankur Bawiskar · Tuesday

@Ryan S

let them go to ESC portal, you can add a widget on that homepage or use UI script and check what role they have

if they don't satisfy then take them to SOW or SP or wherever you want

1) Approach 1: Widget

How to strictly restrict Portal access by Role?

2) Approach 2: UI Script

Another method is to use UI script, see below link for approach

Solution: Redirecting Users to the CSM Portal Based on Roles in ServiceNow

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader

Ryan S · Tuesday

The first link talks about using the SP User Criteria Plugin, but after installing that (and clearing cache) I don't see options to add user criteria to my portal page view (sp_portal). What am I missing? Using user criteria seems like the easiest option.

As for the second option, that is redirecting users based on a role but I want something slightly different. I think I see how the approach might be leveraged, but probably just too tired to see it now. Actually, the user should be able to get to /esc if they have role or are in a certain 'company'. If they don't, they shouldn't have access to /esc and would only ever get to /sp given the redirect is in place.

Ankur Bawiskar · Tuesday

@Ryan S

you can go with the 1st approach.

that 1st approach doesn't require User Criteria Plugin

In that a widget is added to Portal Header which checks the role etc and redirects.

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader

Ryan S · Wednesday

Ok I think I got them backwards, but the custom widget route you're saying would work. Of course, that requires customization. There doesn't appear to be any OOTB way to solve this though. Is that true? What is the purpose of the SP User Criteria Plugin then?