User does not have an ITIL role, but still able to access servicenow backend.

Go to solution
nehasr1288
Tera Expert

‎09-28-2018 06:41 AM

Hi,

 

I have only given access to service portal to my users and have not given them itil role but still users after they click on 'back' twice in the service portal are able to reach the backend servicenow.How to stop this?

 

find_real_file.png

Preview file
5 KB
0 Helpfuls
  • 2,938 Views
1 ACCEPTED SOLUTION

Go to solution
Jaspal Singh
Mega Patron
Mega Patron
In response to nehasr1288

‎09-28-2018 07:36 AM

You need to delete the script.

 

If you want it specific for Roles you can use below.

addLoadEvent(ESSUserRedirectSP);
function ESSUserRedirectSP() {
	if(g_user.userName != "guest"){
		if(!g_user.hasRoles()){ //This works for users with no role
			var topurl = getTopWindow().location.toString();
			
				var url = "https://" + window.location.host + "/portal_name";
					top.window.location = url;
				}
			}
		}
	}
}

 

Thanks,

Jaspal Singh

 

Hit Helpful or Correct on the impact of response.

View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
nehasr1288
Tera Expert
In response to Jaspal Singh

‎09-28-2018 07:48 AM

Yes I know but for deleting the script the admin needs to have access to the backend.I cant delete it from my service portal.I think the below code  should be removed.It is a risk

if(g_user.userName != "guest")
0 Helpfuls