How to make reports visible to users that any not logged in to SNor do not have SN accounts

Go to solution
Kyle Wiley
Mega Expert

‎09-28-2017 08:30 AM

I need to be able to make some reports visible to everyone in our organization, whether they are logged into SN or not.

 

Everyone in our organization has a SN login but not everyone has ever logged in before and I don't want the higher up management employees needing to login to SN first in order to view some of the published reports out there.

 

I have published several reports that will be used for Incident tracking during a org wide go live we are having and all of the reports are set to be available to everyone with the following roles:  public, snc_internal, snc_external.

 

The reports can be viewed if the user is an internal SN user but they must be currently logged in to SN in whatever browser they open the report page.  When I click on the page, I can see the name of the report but it says, "Security constraints preven access to requested page.".

 

Does that mean I need to edit the ACLs in order for the reports to be seen for the Incident table?  If so, what ACL needs to be edited?  I have already tried to add the snc_external  and the public  role to the incident.* read ACL and this didn't fix the issue.  

 

Any ideas?  

Labels:
0 Helpfuls
  • 8,957 Views
1 ACCEPTED SOLUTION

Go to solution
Chuck Tomasi
Tera Patron
In response to Srikanth Menava

‎09-28-2017 09:28 AM

Yes, it can be resolved by opening up read permission to the underlying tables/fields. That's a risk you need to be aware of and accept if you do this. There's a reason for security and authentication. If you choose to bypass it because of a requirement to make it public, you accept those risks.


View solution in original post

13 REPLIES 13

Go to solution
Chuck Tomasi
Tera Patron
In response to Srikanth Menava

‎09-28-2017 09:28 AM

Yes, it can be resolved by opening up read permission to the underlying tables/fields. That's a risk you need to be aware of and accept if you do this. There's a reason for security and authentication. If you choose to bypass it because of a requirement to make it public, you accept those risks.


Go to solution
Srikanth Menava
Kilo Sage
In response to Chuck Tomasi

‎09-28-2017 10:04 AM

Hello Chuck,


It make scomplete senmse.. I understand what you are talking about. I cannot make the tables public because of the security issues. But are ther any possible work arrounds for that.. and can you let me know if there are any.


0 Helpfuls

Go to solution
Chuck Tomasi
Tera Patron
In response to Srikanth Menava

‎09-19-2018 04:59 AM

What you are asking is contradictory. It's a bit like asking "how do I let people in my locked store who don't have a key? - and I don't want to leave to leave the front door open."

The only other option I see is to export the data, either email them the report or send it to another system that they do have access to. The down side there is that you lose all the value of having "drill" capability and the report is no longer real-time data.

0 Helpfuls

Go to solution
Kyle Wiley
Mega Expert
In response to Chuck Tomasi

‎09-28-2017 11:28 AM

I spoke with our CIO and this is not something we want to do, opening up the security.   We are just going to try to have the users that cannot access the reports, log into SN, then the reports that are public will be accessible to them, based on the ACL configuration that I have edited already.



Thanks Chuck.



But as a side note, what is the point of the snc_external role if it could not be used in a case like this?   I understand the need for the snc_internal role but not the snc_external...


0 Helpfuls

Go to solution
Pradeep Sharma
ServiceNow Employee
ServiceNow Employee
In response to Kyle Wiley

‎09-28-2017 11:35 AM

Hello Kyle,



Update on a snc_external role: You can give both internal users and external users access to your instance. However, you might not want both types of users to have the same level of access. To provide added security, every user must have at least one role so that the instance can distinguish between internal and external users.


External users must obtain, at minimum, the snc_external role. The snc_external role indicates that the user is external to your organization and should not have any access to resources unless explicitly allowed through ACLs for the snc_external role or additional roles. By default, users with the snc_external role are unable to access non-record type resources as well, such as processors and UI pages.



Reference:


https://docs.servicenow.com/bundle/helsinki-servicenow-platform/page/administer/contextual-security/...



Please let me know if you have any additional questions.


0 Helpfuls