Is it possible to restrict end users from accessing the UI?

Brian Greene1
Tera Contributor

Is it possible to restrict end users from accessing the UI and just to the Service Portal?

7 REPLIES 7

Jace Benson
Mega Sage

So you can redirect users to the portal after logging via the property "glide.entry.first.page.script"


Redirect to Service Portal after login



This thread talks about this as well;


How to redirect users without roles to Service Portal instead of CMS?


Ultimately it came down to another property called "glide.entry.loggedin.page_ess"



But if the users still know about the pages e.g. incident_list.do and such, they can get around you're redirects;


https://servicenowgems.com/2017/09/26/securing-list-and-do-pages-via-acls/


This post talks about setting up ACLS so they cannot get the the .list and .do pages.



Let me summarize in case his blog goes down;


The following acl's will block access to incident.do and incident_list.do


ScreenShot-2017-Nov-28-1718-PM.PNG


ScreenShot-2017-Nov-28-1717-PM.PNG


What about restricting access to the entire CMS page when "/sp" is removed


from the URL?



On Nov 28, 2017, at 6:20 PM, jacebenson <community-no-reply@servicenow.com>


I'm not sure I follow.


I do, Jace, I follow exactly, because I'm  looking for the same thing:

If a user is a basic user, (if he/she only has snc_internal or only has snc_external), he/she can get to all or some sites with URLs starting with "https://XXXXX.service-now.com/sp" but cannot get to any sites that begin "https://XXXXX.service-now.com" (the TLD) that are not directly followed by "sp".

 

Am I right or am I right, Brian? (@Brian Greene1)

 

This should make it clear so you can help Brian and me, and others, Jace.

 

Y'all probably saw the script that the KB the addresses this, right?

addLoadEvent(function()
{
if(!g_user.hasRoleExactly('itil') && document.URL.indexOf('.do')!= -1)
{
window.location='/sp';
}
else
{return}

});

Here's that KB:

Restrict ESS or non-role users from navigating to native UI by manipulating the URL - Support and Tr...

 

I hope this helps, guys. I'll forward this to our developers, of which I am one but have more experience with catalog items than scripts and with javascript. Y'all let me know if you want any feedback from me on this after we try it or if you this is enough.

 

Best regards.

V/R,

Jerry

Jerome Walker