Activity Tab in CSM Portal Exposing Internal Notes and Tasks to External Users

Issue

External users are able to view internal work notes and tasks related to onboarding cases via the Activity tab in the CSM Portal.

To reproduce the issue:

1. Log in to the instance.
2. Impersonate an external user (e.g., User 1).
3. Navigate to the onboarding case URL.
4. Observe that internal work notes and tasks are visible under the Activity tab.

Release

All supported releases

Cause

The default ACLs (Access Control Rules) or activity stream configuration do not restrict sensitive data (e.g., work notes, internal tasks) from users with the snc_external role.

Resolution

To prevent external users from viewing internal activity:

1. Review and update ACLs:
   - Identify ACLs controlling read access to Work notes, Comments, and Tasks on the affected case table.
   - Restrict these ACLs by excluding users with the snc_external role or including only roles like itil, admin, or internal support roles.
2. Use custom logic if needed:
   - Implement a scripted ACL to check user roles and field types (e.g., only allow comments for external users).
   - Example condition: answer = !gs.hasRole('snc_external');
3. Modify the Activity Formatter (if applicable):
   - In the form layout or widget, ensure the activity formatter is scoped to only display comments or permitted fields for external users.

Note: Creating and maintaining script-based ACLs is considered customization and falls outside the scope of standard ServiceNow support. Always consult with your ServiceNow admin or implementation partner when deploying custom logic.
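
A sketch of the scripted-ACL approach from the Resolution steps, as an added example that is not part of the original article or ServiceNow's own code: it applies the article's example condition per field so external users keep comments but lose work notes and tasks. The makeGs stub, the element names and the sample activity are constructed for illustration so the logic can be checked outside an instance.

```javascript
// Added example, not ServiceNow code. makeGs() is a constructed stand-in for
// the server-side `gs` object and models plain role membership only; on an
// instance gs.hasRole() also returns true for admin users.
function makeGs(roles) {
  return { hasRole: (role) => roles.includes(role) };
}

// Field-level read rules, each written like a scripted ACL condition.
// The element names and the "task" entry type are assumptions for this sketch.
const READ_ACL = new Map([
  // Customer-visible comments: readable by anyone who can read the case.
  ['comments', () => true],
  // Work notes: the article's example condition.
  ['work_notes', (gs) => !gs.hasRole('snc_external')],
  // Internal tasks related to the case: same restriction.
  ['task', (gs) => !gs.hasRole('snc_external')],
]);

// Default-deny: an element with no rule is hidden rather than shown.
function canRead(gs, element) {
  const rule = READ_ACL.get(element);
  return rule ? rule(gs) === true : false;
}

// Filter an activity stream down to what the given user may read.
function visibleActivity(gs, entries) {
  return entries.filter((e) => canRead(gs, e.element));
}

// Constructed sample activity for one onboarding case.
const SAMPLE_ACTIVITY = [
  { element: 'comments', text: 'Your documents were received.' },
  { element: 'work_notes', text: 'Escalate to legal before replying.' },
  { element: 'task', text: 'Run background check' },
  { element: 'approval_history', text: 'Approved by manager' }, // no rule defined
];

// Persona check mirroring the reproduce steps: which elements a role set sees.
function visibleElements(roles) {
  return visibleActivity(makeGs(roles), SAMPLE_ACTIVITY).map((e) => e.element);
}

console.log('external:', visibleElements(['snc_external']));
console.log('internal:', visibleElements(['itil']));
```

On an instance, the same expectations can be confirmed by repeating the impersonation steps from the Issue section after the ACL change.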