End users are able to access the Background Server's web interface or a particular webengine in the given environment.  What are the recommended approaches to disallow end users from accessing the given server's web interface?

Release : 17.1 and higher

Component : SERVICE DESK MANAGER

It is not possible to configure Service Desk on its permissions (access type and roles) to prevent end users from accessing a specific web engine (see Additional Information in the case of the Background Server). 

If the user has knowledge of the given server and port for the webengine, the user would be able to intuit the direct address for the given webengine to access through their browser.

The key to blocking such access to the users is to configure your network and firewall to reroute or disallow access for those users based on the relevant parameters, such as the user's IP address/subnet configuration.  Environments can also make use of a load balancer, such as the built in web director function to control user access to certain webengines as well.

This article assumes the objective is to limit or block access to a given web server's web UI. 

In the case of the BG Server's web UI, the baseline functionality for Service Desk with AA functionality prevents Service Desk users whose roles lack Admin permissions from accessing the SDM BG Web interface.  Specific setting that controls this access is the end user's Access Type, under the "Access Level" setting.  Setting this value to any entry other than "Admin" will prevent the end users that are tied to the given access type from gaining access to the BG Server's web interface.