Configure widget security

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 3분

    • Configure widget security to ensure that your widget is being accessed only by the intended audience.

    시작하기 전에

    Role required: admin or sp_admin

    이 태스크 정보

    There are several ways to configure widget security:
    • Restrict the widget to users with a login only (authenticated users)
    • Restrict the widget to users with certain roles only
    • Restrict which tables a public widget can access and return data from for guest (unauthenticated) users

    When you configure widget security, configure the page security accordingly so that users can access the widget via the page on which it appears. For more information, see Configure page security by role.

    프로시저

    1. Navigate to All > Service Portal > Widgets.
    2. Open the record of the widget to configure.
    3. On the form, configure the widget security.
      OptionProcedure
      Restrict the widget to authenticated users Clear the Public check box and leave the Roles field blank.
      Restrict the widget to certain roles
      1. Clear the Public check box.
      2. Next to Roles, select the edit icon (Edit icon).
      3. On the Roles window, select a role by moving it from the Available list to the Selected list.
      4. Select Done.
      Restrict which tables public widgets can access for guest users
      1. Select the Public check box.
        주:
        Public widgets are accessible by any user even if the Roles list contains roles.
      2. Specify the tables that public widgets can access for guest users.

        This applies to widgets that accept the table input parameter only.

        1. In the Public Table Allow List related list, select New.
        2. In the Tables field, select a table from which guest users can access data in the widget.
        3. Select Submit.
        4. Repeat these steps to add additional tables.
      3. In the Server script field, call the SPWidgetAccessControl API before any call to GlideRecord(options.table) and GlideRecordSecure(options.table). For example:
        if(!new global.SPWidgetAccessControl().hasPublicAccess(options.table, $sp, options, input)){
		gs.warn("Deny access to table which is not public: " + options.table);
		data.isValid = false;
		return;
	}

        The parameters passed with SPWidgetAccessControl should be the same as those passed with GlideRecord(options.table) and GlideRecordSecure(options.table). For details on the SPWidgetAccessControl API, see SPWidgetAccessControl - Global.

      4. Select Save.
    4. Select Update.