How do I limit visibility of the Service Operations Workspace to a pilot group?

Katherine4
Tera Expert

Hi All

Cannot help thinking I've missed something obvious, but am finding it virtually impossible to limit visibility of the Service Operations Workspace to a pilot group.

The glide.ux.user_criteria_enabled property has been set to true, and I have configured an explicit User Criteria for every SOW Audience record.  The User Criteria itself limits access to the single pilot group.

The sn_sow.sow_user role is no longer contained by any other role, and is instead limited to the pilot group.

After all this the navigation item and landing page for Service Operations Workspace is still accessible to users that are not members of the pilot group.

What am I missing here?

EDIT:

Seems I was missing something; these ux_route ACL entries:
 - now.sow.home
 - now.sow.*

By default, access to now.sow.* required the sn_sow.sow_user role, but access to now.sow.home required the itil role.

Because I had already removed sn_sow.sow_user from being contained by itil, I changed the ACL role requirement on now.sow.home to sn_sow.sow_user.

Access to SOW is now managed by adding the sn_sow.sow_user role to groups.

 

Hope this helps.

Katherine

1 ACCEPTED SOLUTION

Katherine4
Tera Expert

ServiceNow Support provided the missing piece of the puzzle.  Visibility/access to this space is controlled via two ux_route read ACL entries:
 - now.sow.home
 - now.sow.*

Please refer to the edit in the original posting for my individual approach.

View solution in original post

3 REPLIES 3

Sandhya Bellann
ServiceNow Employee
ServiceNow Employee

There is a known PRB in Work in Progress
PRB1582544 - User Criteria does not seem to work when used within an Audience

Steps to Reproduce:

Ensure UX Framework User Criteria plugin is installed.

1. Create a Group and add 1 user to the group with a certain role.
2. Create a User Criteria and add the group do the criteria.
3. Create 2 Audiences and add this user criteria to the User Criteria Exclusions in 1 Audience and User Criteria Inclusions in the other.
4. Using OOTB Configurable Workspace create 2 page variants of landing page and add 1 of the audience to one of the landing pages and the other audience to the other page.
5. Impersonate the user in the Group above and try and access the Landing page.

Expected behavior: The page with User Criteria Inclusion should display

Actual behavior: The page with User Criteria Exclusion displays

Katherine4
Tera Expert

ServiceNow Support provided the missing piece of the puzzle.  Visibility/access to this space is controlled via two ux_route read ACL entries:
 - now.sow.home
 - now.sow.*

Please refer to the edit in the original posting for my individual approach.

Eugene Severi
Tera Contributor

Thanks, very helpful.