How to create a download link that needs to work for a specific role or group on Service Portal

Go to solution
caiooliveira
Tera Expert

‎02-14-2024 11:26 AM

I need to create a download link for the Service Portal. The file is an Excel spreadsheet. I created the link in the Portal using the 'rich text label' variable, then added the link '/sys_attachment.do?sys_id='SYS_ID_FROM_SYS_ATTACHMENT' to this variable.

To make the file available in the attachments table, I created a system property and attached the file to it.

caiooliveira_0-1707938790675.png

 

 

The download link works, however, only for those with the 'admin' role. I don't have the 'security_admin' role to add a new role to the 'read' ACLs of the sys_attachment.

 

The functionality should be made available to 2 specific groups. Any ideas?"

0 Helpfuls
  • 1,070 Views
1 ACCEPTED SOLUTION

Go to solution
Robin John
Kilo Sage

‎02-15-2024 05:18 AM

Hi! Since you attached the file to the sys_properties table, the ACL is checking if the user has read access to the sys_property record. One possible solution could be to create a custom role and add it to the groups that can access the attachment. Then in your system property grant read access to the custom role. 

RobinJohn_0-1708002654969.png

According to the AttachmentSecurity script include (sys_script_include.do?sys_id=ffbb141c471103007a977eaecb9a712e), this should grant access to the user (with the custom role) to the attachment.

Another solution could be to navigate to the sys_attachment table, find the record and then via list edit clear the table_name. This will grant everyone access to the attachment. Then your widget could have the condition to render the link only for the users in the said groups.

View solution in original post

8 REPLIES 8

Go to solution
caiooliveira
Tera Expert
In response to Sumanth16

‎02-16-2024 12:21 PM

Thanks for trying to help me!

0 Helpfuls

Go to solution
Robin John
Kilo Sage

‎02-15-2024 05:18 AM

Hi! Since you attached the file to the sys_properties table, the ACL is checking if the user has read access to the sys_property record. One possible solution could be to create a custom role and add it to the groups that can access the attachment. Then in your system property grant read access to the custom role. 

RobinJohn_0-1708002654969.png

According to the AttachmentSecurity script include (sys_script_include.do?sys_id=ffbb141c471103007a977eaecb9a712e), this should grant access to the user (with the custom role) to the attachment.

Another solution could be to navigate to the sys_attachment table, find the record and then via list edit clear the table_name. This will grant everyone access to the attachment. Then your widget could have the condition to render the link only for the users in the said groups.

Go to solution
caiooliveira
Tera Expert
In response to Robin John

‎02-16-2024 12:19 PM

Thanks. It worked. I have added the role to the system property and the download has worked fine. How do you know about the AttachmentSecurity script include?

0 Helpfuls

Go to solution
Robin John
Kilo Sage
In response to caiooliveira

‎02-19-2024 01:08 AM

You can find it in the script section of one of the read ACLs on sys_attachment table.

0 Helpfuls