Attachment access control

waseem5
Kilo Expert

Hi All,

I want to implement access control to attachments. While adding an attachment, I need an option to mark it as External Visible = true/false.

And only if "true", certain users with some role should be able to see and download the attachment included in a record.

I have looked through the basics of attachments on the wiki but did not get a direction.

Any help is appreciated.

Thanks

Waseem

1 ACCEPTED SOLUTION

Thijs Daemen
Mega Guru

Hi Waseem,



You could customise this by making modifications to the attachment UI page. Next to that, you will need some modifications to the access control rules on the sys_attachment table.



You could make it similar to the encryption context for attachments. Or you could even use encryption contexts for attachments, since this will virtually do what you want based on roles (a role is linked to an encryption context).



Encryption Support - ServiceNow Wiki: http://wiki.servicenow.com/index.php?title=Encryption_Support#gsc.tab=0


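The access rule discussed above (a per-attachment flag plus a role check, layered on the sys_attachment read rule), as an added example that is not part of the original thread and not ServiceNow's own code. It assumes a custom true/false column `u_external_visible`, a role `attachment_external_viewer`, and that users without that role keep the existing "can read the parent record" behaviour; all three are hypothetical, and the attachment and user objects are constructed stand-ins so the logic runs outside the platform.

```javascript
// Decision logic for a read rule on attachment records (added example).
// Hypothetical names: FLAG_FIELD is a custom true/false column,
// EXTERNAL_ROLE is the role given to the restricted audience.
const EXTERNAL_ROLE = 'attachment_external_viewer';
const FLAG_FIELD = 'u_external_visible';

// A flag read back as a string may arrive as "true" or "1". Anything else,
// including a missing value, counts as not visible (deny by default).
function isFlagSet(raw) {
  return raw === true || raw === 'true' || raw === '1';
}

// attachment:     object exposing getValue(fieldName)
// user:           object exposing hasRole(roleName); must be an exact match,
//                 because a check that also returns true for administrators
//                 would restrict them to flagged attachments as well
// parentReadable: result of the existing "can read parent record" check
function canReadAttachment(attachment, user, parentReadable) {
  if (!parentReadable) return false;              // record access still required
  if (!user.hasRole(EXTERNAL_ROLE)) return true;  // other users: unchanged
  return isFlagSet(attachment.getValue(FLAG_FIELD));
}

// Constructed stand-ins for the record and the session user.
const mkAttachment = (flag) => ({
  getValue: (field) => (field === FLAG_FIELD ? flag : null),
});
const mkUser = (...roles) => ({ hasRole: (role) => roles.includes(role) });

// Walks the cases a reviewer would want to see before enabling the rule.
function decisionTable() {
  const external = mkUser(EXTERNAL_ROLE);
  const internal = mkUser('itil'); // constructed role name
  return [
    ['external, flag set', canReadAttachment(mkAttachment('1'), external, true)],
    ['external, flag clear', canReadAttachment(mkAttachment('0'), external, true)],
    ['external, flag missing', canReadAttachment(mkAttachment(null), external, true)],
    ['external, no record access', canReadAttachment(mkAttachment('true'), external, false)],
    ['internal, flag clear', canReadAttachment(mkAttachment('0'), internal, true)],
    ['internal, no record access', canReadAttachment(mkAttachment('1'), internal, false)],
  ];
}

console.table(decisionTable());
```

The same function has to back every path that serves the file (form view, download link, API), otherwise hiding the attachment on the UI page alone leaves it reachable by direct link.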

5 REPLIES

Hi @Alexandre Gavazzi

Updated documentation can be found here: https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/encryption/concept/c...

It describes both pros and cons of column level encryption and some of the new features that have been added over the last 6 years.

As for your questions:

  • It is always available; I think it qualifies as a platform capability.
  • When does it make sense to use it? Going to be honest here, I've never in my 12 years of consulting on ServiceNow had to resort to using column level encryption. There were always better ways of dealing with security related matters. Especially in the latest releases with application scopes.
  • Difference: Depending on access to attachments, this is currently very different from 6 years ago. But back then attachments were easily accessible with the correct links; now they would be visible on the form (access to the record = access to the attachment). Encryption context changes that: encrypted attachments would only be accessible with the encryption context role.

Hope this clarifies. Kind regards,

Thijs