Symptoms

Sometimes there are scenarios where users with "vendor_contact" role have trouble accessing pages, search sources, widgets on Vendor Management Service Portal. (with Service Portal User Criteria Support and Explicit Roles plugins enabled)

Symptoms can be the following but not limiting to:

• Pages or Homepage returning 404 error message.
• Widget(s) associated with the respective page(s) do not load.

Release

London and Madrid.

Cause

• "vendor_contact" entitlement role contains "snc_external" role.
• So technically, users with "vendor_contact" role are considered as external users.
• As per our platform design and security in consideration, "snc_external" entitled users are by default restricted to access components.
• So creating and mapping user criteria that explicitly grants access to "snc_external" (or "vendor_contact") role will then be able to access the respective components
• Service Portal User Criteria Support provides the following component-level granularity where user criteria records are needed as per business requirements:
  • Portal's page specific (Underlying widgets need to be configured similarly)
  • Portal's widget specific (this will be then accessible on all pages that contains this widget)
  • Portal's search source specific (portal specific)
  • Portal's widget-instance specific (this will be specific to portal's page and the respective widget, it won't work for any other page that uses the same widget)

Resolution

• The resolution is quite simple - create the needed user criteria records and map to the respective components (pages, widgets, widget instances and/or search source(s))
• Another approach is that if you don't like to use user criteria post plugin activation and would like to control access via role-level then:
  • Navigate to "Service Portal" > "Properties".
  • Look for "Enable use of User Criteria records instead of Roles fields for Service Portal entitlements".
  • Uncheck the checkbox "Yes | No".
  • This system property defines permissions for Service Portal widgets, widget instances, search sources and pages
• There is another property just right below the above one which takes in list of roles that can bypass User Criteria validation (if user criteria is being used)

Additional Information

• User Criteria for Service Portal (Madrid): https://docs.servicenow.com/bundle/madrid-servicenow-platform/page/build/service-portal/concept/user-criteria.html
• Explicit Roles (Madrid): https://docs.servicenow.com/bundle/madrid-platform-administration/page/administer/contextual-security/concept/explicit-roles.html