Is it possible to restrict end users from accessing the UI?

Brian Greene1
Tera Contributor

‎11-28-2017 03:00 PM

Is it possible to restrict end users from accessing the UI and just to the Service Portal?

Labels:
0 Helpfuls
  • 5,714 Views
7 REPLIES 7

Jace Benson
Mega Sage

‎11-28-2017 03:19 PM

So you can redirect users to the portal after logging via the property "glide.entry.first.page.script"


Redirect to Service Portal after login



This thread talks about this as well;


How to redirect users without roles to Service Portal instead of CMS?


Ultimately it came down to another property called "glide.entry.loggedin.page_ess"



But if the users still know about the pages e.g. incident_list.do and such, they can get around you're redirects;


https://servicenowgems.com/2017/09/26/securing-list-and-do-pages-via-acls/


This post talks about setting up ACLS so they cannot get the the .list and .do pages.



Let me summarize in case his blog goes down;


The following acl's will block access to incident.do and incident_list.do


ScreenShot-2017-Nov-28-1718-PM.PNG


ScreenShot-2017-Nov-28-1717-PM.PNG


Preview file
77 KB
Preview file
79 KB

Brian Greene1
Tera Contributor
In response to Jace Benson

‎11-28-2017 04:19 PM

What about restricting access to the entire CMS page when "/sp" is removed


from the URL?



On Nov 28, 2017, at 6:20 PM, jacebenson <community-no-reply@servicenow.com>


0 Helpfuls

Jace Benson
Mega Sage
In response to Brian Greene1

‎11-29-2017 12:43 AM

I'm not sure I follow.


0 Helpfuls

Jerome Walker
Tera Contributor
In response to Jace Benson

‎05-23-2024 02:13 PM

I do, Jace, I follow exactly, because I'm  looking for the same thing:

If a user is a basic user, (if he/she only has snc_internal or only has snc_external), he/she can get to all or some sites with URLs starting with "https://XXXXX.service-now.com/sp" but cannot get to any sites that begin "https://XXXXX.service-now.com" (the TLD) that are not directly followed by "sp".

 

Am I right or am I right, Brian? (@Brian Greene1)

 

This should make it clear so you can help Brian and me, and others, Jace.

 

Y'all probably saw the script that the KB the addresses this, right?

addLoadEvent(function()
{
    if(!g_user.hasRoleExactly('itil') && document.URL.indexOf('.do')!= -1)
  {
   window.location='/sp';
   }
  else
  {return}

});

Here's that KB:

Restrict ESS or non-role users from navigating to native UI by manipulating the URL - Support and Tr...

 

I hope this helps, guys. I'll forward this to our developers, of which I am one but have more experience with catalog items than scripts and with javascript. Y'all let me know if you want any feedback from me on this after we try it or if you this is enough.

 

Best regards.

V/R,

Jerry

Jerome Walker