ACL use case

AkashKushwah · ‎07-27-2025

Hi everyone , I have a use case of ACL . So can please help me for this

use case -

A User having a particular role(ITIL role) should not be able to attach a attachment/file through attachment option which is available on the incident form .

Thank You

GlideFather · ‎07-27-2025

Hi @AkashKushwah

try an ACL on sys_attachment table.

script would be similar to this deaft:

if (gs.getUser().hasRoleExactly(“itil”) {
Answer = false;
} else {

answer = true;

}

let me know if you have any progress.

ps: hasRoleExactly(itil) will be evaluated false by admin, the user must have explicitly assigned this particular role, no inheritance is taken to consideration.

if you want to consider inheritance, go with hasRole(“itil”);

———
/* If my response wasn’t a total disaster ↙️ ⭐ drop a Kudos or Accept as Solution ✅ ↘️ Cheers! */

View solution in original post

AkashKushwah · ‎07-27-2025

Can i also use this script for custom form?

View solution in original post

GlideFather · ‎07-27-2025

@AkashKushwah Yes, absolutely.

it’ll might require some tweaks, but custom of ootb it works the same.

even for a custom app/table, set of access roles are auto-created.

example, my custom table is called vinegar, it will be created vinegar.user, vinegar.admin and vinegar.manager (not sure how exactly but some 3 basic roles are autocreated) and these are a part of the ACL, so you can adjust together with this or create new from scratch

———
/* If my response wasn’t a total disaster ↙️ ⭐ drop a Kudos or Accept as Solution ✅ ↘️ Cheers! */

View solution in original post

Its_Azar · ‎07-27-2025

Hi there AkashKushwah

You can handle this with a Create ACL on the sys_attachment table. Just block users with the itil role from adding attachments to the incident table.

like this

if (gs.hasRole('itil') && current.table_name == 'incident') {
  answer = false;
} else {
  answer = true;
}

:

☑️ If this helped, please mark it as Helpful or Accept Solution so others can find the answer too.

Kind Regards,

Mohamed Azarudeen Z

Developer @ KPMG

 Microsoft MVP (AI Services), India

View solution in original post

GlideFather · ‎07-27-2025

Hi @AkashKushwah

try an ACL on sys_attachment table.

script would be similar to this deaft:

if (gs.getUser().hasRoleExactly(“itil”) {
Answer = false;
} else {

answer = true;

}

let me know if you have any progress.

ps: hasRoleExactly(itil) will be evaluated false by admin, the user must have explicitly assigned this particular role, no inheritance is taken to consideration.

if you want to consider inheritance, go with hasRole(“itil”);

———
/* If my response wasn’t a total disaster ↙️ ⭐ drop a Kudos or Accept as Solution ✅ ↘️ Cheers! */

AkashKushwah · ‎07-27-2025

Can i also use this script for custom form?

GlideFather · ‎07-27-2025

@AkashKushwah Yes, absolutely.

it’ll might require some tweaks, but custom of ootb it works the same.

even for a custom app/table, set of access roles are auto-created.

example, my custom table is called vinegar, it will be created vinegar.user, vinegar.admin and vinegar.manager (not sure how exactly but some 3 basic roles are autocreated) and these are a part of the ACL, so you can adjust together with this or create new from scratch

———
/* If my response wasn’t a total disaster ↙️ ⭐ drop a Kudos or Accept as Solution ✅ ↘️ Cheers! */

Its_Azar · ‎07-27-2025

Hi there AkashKushwah

You can handle this with a Create ACL on the sys_attachment table. Just block users with the itil role from adding attachments to the incident table.

like this

if (gs.hasRole('itil') && current.table_name == 'incident') {
  answer = false;
} else {
  answer = true;
}

:

☑️ If this helped, please mark it as Helpful or Accept Solution so others can find the answer too.

Kind Regards,

Mohamed Azarudeen Z

Developer @ KPMG

 Microsoft MVP (AI Services), India