How to disable remove access to Self-Service

ahammoud
Tera Guru

‎01-31-2014 12:36 PM

I am trying to create a user account with special permissions which would not allow them to access the Self-Service and Social IT Applications. The account should have only allow access to Create and view their own incidents and requests (no knowledge base...etc)

 

These two applications (found under System Definition > Application Menus). Do not have any roles assigned to them and any one can access them.

I am trying to remove access to the applications based on a Role of that account.

 

Is there a way to deny access to an application or Modules (or hide it) based on someone's role ?

Labels:
0 Helpfuls
  • 3,311 Views
3 REPLIES 3

Tom Alday
Mega Guru

‎01-31-2014 02:12 PM

Roles are really just names until you assign what you want them to see/access. If a module has no role that means any licensed account can see it, if you want to remove this users ability to see Self Service or Social IT just add a Role (ex ITIL) to each that that user doesn't have.


0 Helpfuls

ahammoud
Tera Guru
In response to Tom Alday

‎02-03-2014 08:57 AM

If I was to restrict access by assigning roles to them; then I would have to provide everyone else and newly created users with that role (i.e. ITIL), that would be inconvenient, I would have to change everyone's permission make sure they have roles, in order to deny access to only one account.


0 Helpfuls

ahammoud
Tera Guru

‎02-11-2014 08:15 AM

I found a solution that worked and seem to have fixed the problem without the use of creating / assigning roles.


I did it using domain separation, and assigning ACL's to the users I wanted to restrict access. I put them in a certain group (Group 1) without any roles assigned, this will give them access to Self-Service module, in which I want to block access to the Knowledge Base and the Service Catalog modules.


First I created a Log in Rule to redirect users from the domain (Group 1) to the portal I want.


Second to make sure they don't access the default UI, I created 2 ACL's with scripts based on the Domain of the logged in user one for blocking access to the Knowledge Base and one for blocking access to the Service Catalog,



Hope this would be handy if anyone needs to use someday, thanks again.



ACL:


Type: ui_page


Operation: read


Name: catalog_home (for the Knowledge Base use "kb_home")




Script:


answer = getAnswer();



function getAnswer() {


     


      var myAnswer = true;


      var guest = gs.getUser();


     


    if (guest.getDomainDisplayValue() == 'Group 1'){     //get the Domain of the currently logged in user


                              myAnswer = false;


      }


      return myAnswer;


}


0 Helpfuls