Is it possible to restrict end users from accessing the UI?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-28-2017 03:00 PM
Is it possible to restrict end users from accessing the UI and just to the Service Portal?
- Labels:
-
Incident Management

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-28-2017 03:19 PM
So you can redirect users to the portal after logging via the property "glide.entry.first.page.script"
Redirect to Service Portal after login
This thread talks about this as well;
How to redirect users without roles to Service Portal instead of CMS?
Ultimately it came down to another property called "glide.entry.loggedin.page_ess"
But if the users still know about the pages e.g. incident_list.do and such, they can get around you're redirects;
https://servicenowgems.com/2017/09/26/securing-list-and-do-pages-via-acls/
This post talks about setting up ACLS so they cannot get the the .list and .do pages.
Let me summarize in case his blog goes down;
The following acl's will block access to incident.do and incident_list.do
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-28-2017 04:19 PM
What about restricting access to the entire CMS page when "/sp" is removed
from the URL?
On Nov 28, 2017, at 6:20 PM, jacebenson <community-no-reply@servicenow.com>

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-29-2017 12:43 AM
I'm not sure I follow.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-23-2024 02:13 PM
I do, Jace, I follow exactly, because I'm looking for the same thing:
If a user is a basic user, (if he/she only has snc_internal or only has snc_external), he/she can get to all or some sites with URLs starting with "https://XXXXX.service-now.com/sp" but cannot get to any sites that begin "https://XXXXX.service-now.com" (the TLD) that are not directly followed by "sp".
Am I right or am I right, Brian? (@Brian Greene1)
This should make it clear so you can help Brian and me, and others, Jace.
Y'all probably saw the script that the KB the addresses this, right?
addLoadEvent(function()
{
if(!g_user.hasRoleExactly('itil') && document.URL.indexOf('.do')!= -1)
{
window.location='/sp';
}
else
{return}
});
Here's that KB:
I hope this helps, guys. I'll forward this to our developers, of which I am one but have more experience with catalog items than scripts and with javascript. Y'all let me know if you want any feedback from me on this after we try it or if you this is enough.
Best regards.
V/R,
Jerry
Jerome Walker