Securing .list And .do Pages Via ACLs

Within ServiceNow, anyone can go to any table by manipulating the URL or via the navigation menu.

For example, if you want to go to the incident table, even if you don’t have access to the incident module, you can either:

  1. Go directly via the URL: https://sn-instance.com/incident_list.do or https://sn-instance.com/incident.do
  2. In the navigation menu search bar, type incident.list or incident.do

Having ACLs in place makes sure that the operations you don’t want to happen (create, write, read, delete) don’t happen. However, what if you just want to stop users navigating to that URL in the first place?

You can stop users getting to the page via the navigation menu by editing the ‘NavFilterExtension’ UI Script (it is very well commented and easy to edit to do what you want).

I accidentally stumbled across a neater solution, again using ACLs.

Intercepting Record Access

I’ve been working with ServiceNow for years, and one thing that always got to me, because I never understood how it was accomplished, was that viewing a sc_request record in the self-service view always redirected to the order summary UI page.

(Screenshot: order_summary)

I just couldn’t figure it out and just assumed it was some hard-coded logic hidden away from us… until now! (yes, I’m a little excited about this…)


Reverting The ‘Modern Cell Coloring’ Back to Pre-Eureka

Having upgraded to Eureka, we’ve had a lot of comments from customers regarding the new field coloring which ServiceNow has introduced.

If you haven’t seen it, here are a couple of screenshots below which show the before and after:

(Screenshot: cellcolour)

On top is the old style, on the bottom is the new style.

Anyway, as I was saying, a number of customers didn’t like the modern styling because they didn’t think it stood out enough and wanted their field styles to jump out to their users.

Of course, the users could manually click on the cog and untick the modern cell coloring option, but that would mean by default it was switched on. Instead, I came up with an extremely simple script to default the styling to full field coloring when the user logged in.
