Actually both are different,

Public role - Public means they can access without logging in. You can add the Public role to Survey, and make application/module public. It will show on the login screen, but they don't need to login to access Survey. Find more info What actually Public role does??

snc_external - External indicates that the user is external to your organization and should not have any access to resources unless you explicitly allow access through ACLs for the snc_external role, or you explicitly grant them additional roles. By default, users with the snc_external role are unable to access non-record type resources as well, such as processors and UI pages. (Mandatory roles )

I am not sure but this gets activate against customer support portal plugin i guess

Public provided access to resources with out authentication, snc_external i guess still requires you to authenticate for resource access.

Chirag Bagdai wrote:


I think, the plugin will be activated automatically if the instance version is after H.

I'm not convinced of that - I've got two Istanbul instances running at present (glide-istanbul-09-23-2016__patch1-12-07-2016 and glide-istanbul-09-23-2016__patch6a-06-05-2017) and both lack this com.glide.explicit_roles plugin, showing it's not provisioned by default (much less activated).

Aha! Further reading of the documentation mentions it needs to be requested: Activate the Explicit Roles plugin

This does feel slightly redundant, though. The role-based mechanism generally works like a lock: add locks in place restricts accessibility to those that hold the right keys. Have no lock, and there are no restrictions upon access - anyone's free to come and go.

Blank for authenticated users and "public" for unauthenticated (anonymous) access struck me as being the wrong way around - I'd have expected blank to mean complete unrestricted access and a specialised role (like "public" or "authenticated_users") to cover ESS users... it seems a bit odd that you've got to explicitly specify a role for anonymous, but leave it clear for authenticated.

Most control systems I've worked with either use a default-all or default-none policy, e.g.:

• Oracle uses default-none: the account can do nothing (even login) without specifically granting rights. Removing the rights means no access.
• Apache uses default-all: people with no rights are free to browse around until they encounter a locked door. Adding restrictions imposes locks in place.

Hi again chirag.bagdai,

I am now struggling with this issue: allow unauthenticated users to access a Form page on Service Portal to create a record on a customized table.

I have already create ACLs for read, write and create with the role 'public' for that table and made de Service Portal page public as well. So, now an unauthenticated user can in fact access the Forma page, fill the form but, when click on "Submit" ui action present on the form, the record is not created.

On the other hand, if I perform this steps with a logged in user, the record is created. This problem only exists when I am using an unauthenticated user.

Any ideias on what I might be doing wrong?

I got this answer previously, but I do not understand what this mean:

"You need to have a workflow do the actual updating. At least that is what I did. You also may want to check for blanks so it only updates fields that have new data in them."

Thanks in advance,

Fábio Gonçalves