External Access to Experience Pages with PAR Dashboards
🟢 What’s the Scenario?
In some projects, especially in industries like telco, there’s a need to expose dashboard-style visualizations to external users (e.g., users with the snc_external role). These dashboards are often built in UI Builder using Performance Analytics Reporting (PAR) components.
However, the new OOTB PAR tables and structures are not designed for external access, making this setup complex and time-consuming when trying to share via portals or Experience pages.
⚠️ The Challenge
Out-of-the-box tables and access models used by PAR dashboards:
-
Are locked down for internal use.
-
Require extensive ACL and UX configuration to be externally available.
-
Do not include simplified sharing tools for customer-facing portal views.
✅ The Expectation
Teams expect a simplified and secure way to allow external users to:
-
View Experience Pages with dashboards and analytics.
-
Access their own CI-related data via a self-service portal.
-
Avoid deep customization and rule overrides.
🛠️ Solution Overview
Depending on your ServiceNow release, instance configuration, and the specific PAR components included in your UI Builder page, you may need to apply additional security settings. Below is a baseline step-by-step guide to help you configure secure external access to PAR components within Experience pages.
🔐 Step-by-Step Configuration
1. Grant Access to the Experience Page
a. Add Role in Experience Settings:
-
Navigate to the Experience settings in the UI Builder.
-
Add the
snc_externalrole under Roles section by using "Open access controls" link.
b. Define Public Audience:
-
Create a User Criteria for the "public" audience (mapped to
publiceuser role). - On the target Experience Page, add the newly created Audience to allow
publicaccess.
c. Create ACLs for Experience Page route:
- You must create two ACLs:
| ACL Type | Name | Operation | Notes |
|---|---|---|---|
ux_page |
Replace slashes in the workspace URL with dots (e.g., |
read |
Controls page-level access |
ux_route |
Same as above, but with (e.g., |
read |
Controls route-level access |
-
Include roles such as
snc_externalor your custom external role.
2. Enable Access to Visualization Data
Create ACLs on the relevant data tables used by visualizations (e.g., incident, cmdb_ci, ...)
| ACL Type | Table / Field | Operation | Notes |
|---|---|---|---|
record |
e.g., incident |
report_view |
For record level access |
record |
e.g., incident.* |
report_view |
For field level access |
-
Assign roles like
snc_externalor your custom external one. -
Note: You can now restrict data visualizations to specific roles or conditions. This means that even if the Experience Page is publicly accessible, the data displayed through PAR components—sourced from various tables—will only be visible to the intended audience, ensuring secure and role-based access control.
3. Optional: Adjust System Properties
These system properties may impact behavior:
| Property | Description |
|---|---|
glide.ux.user_criteria_enabled |
Enable User Criteria over role fields for UX variants. |
glide.rest.global.honor_snc_internal_flag |
Set to false to relax snc_internal restriction for REST APIs when using explicit roles. |
4. Additional ACLs (Depending on Setup)
Depending on the instance release and the different PAR components you need to use on your page, you may also need to adjust the following ACLs:
| ACL Type | Table / Field | Operation |
|---|---|---|
REST_endpoint |
/api/now/par/dashboards/analytics/components |
execute |
record |
sys_ux_app_config |
read |
record |
sys_viz_data_source |
read |
ux_route |
now.platform-analytics-workspace.* |
read |
record |
Aditional ACLs on PAR Configuration tables, the tables with "par_" prefix |
read |
xxxxx |
Aditional ACLs to be adjusted depending on instance configuration and Page components used. |
read |
🧠 Best Practices
-
Always test access using a real external test user.
-
Monitor browser/network logs for 403 errors—these often indicate missing ACLs.
-
Document any custom roles and ACLs for future maintainability.
📌 Summary
Enabling external users to view Experience Pages with PAR components requires:
-
Proper role/audience configuration in UX.
-
Explicit ACL creation at UX and data levels.
-
Review of system properties and REST access rules.
- Note: Tested on Xanadu release
Though not yet fully OOTB-ready for external use, with the right setup, you can still deliver powerful, secure dashboards to external users.
If you run into any issues or need further clarification, please don’t hesitate to reach out.
I hope this helps! 😊👍
Kind regards
Luis Estéfano
Customer Outcomes ITSM
