Attachment Link not working for non-admins

Go to solution
thomasawhit
Tera Expert

2 weeks ago

I have a link to an attachment on the Change form that works for users with the Admin role but not for people without Admin.

 

The link is an HTML type field with a default value of <a href="https://<server URL>/sys_attachment.do?sys_id=6ac49de0479c435019af9258436d4341" target="_blank">Risk Reference Guide</a>

When any person with the admin role clicks on this link, the file downloads as expected.

If anyone else clicks this link, they get a new tab with the message "Requested attachment is not available."

 

The attachment is a .xlsx file.

I've checked ACLs and roles but can't find anything.

Any ideas as to what to look for?

0 Helpfuls
  • 767 Views
1 ACCEPTED SOLUTION

Go to solution
Vishal Jaswal
Tera Sage

2 weeks ago - last edited 2 weeks ago

Hello @thomasawhit 

Navigate to All > Access Analyzer > Analyze Permissions - Populate the fields as shown below and click Evaluate access

VishalJaswal_0-1780070694368.png

VishalJaswal_1-1780070725450.png

If read is blocked, then it is definitely ACL on sys_attachment table (your hyperlink is of sys_attachment).

Click on this read blocked to see which all ACLs have status as passed and which ones have blocked:

VishalJaswal_2-1780070795101.png



You can work with your security_admin to work on all required ACL (read ACL description to understand them better).

Additional Information:

You can apply fitlers in the sys_security_acl table as per your requirement to drill down to the actual ACLs causing this issue:

VishalJaswal_0-1780071956169.png

 

 


Hope that helps!

View solution in original post

0 Helpfuls
3 REPLIES 3

Go to solution
Vishal Jaswal
Tera Sage

2 weeks ago - last edited 2 weeks ago

Hello @thomasawhit 

Navigate to All > Access Analyzer > Analyze Permissions - Populate the fields as shown below and click Evaluate access

VishalJaswal_0-1780070694368.png

VishalJaswal_1-1780070725450.png

If read is blocked, then it is definitely ACL on sys_attachment table (your hyperlink is of sys_attachment).

Click on this read blocked to see which all ACLs have status as passed and which ones have blocked:

VishalJaswal_2-1780070795101.png



You can work with your security_admin to work on all required ACL (read ACL description to understand them better).

Additional Information:

You can apply fitlers in the sys_security_acl table as per your requirement to drill down to the actual ACLs causing this issue:

VishalJaswal_0-1780071956169.png

 

 


Hope that helps!
0 Helpfuls

Go to solution
thomasawhit
Tera Expert
In response to Vishal Jaswal

2 weeks ago

Thanks. It is, indeed, an ACL. Just tracking it down now.

0 Helpfuls

Go to solution
Tanushree Maiti
Tera Patron

2 weeks ago

Hi @thomasawhit 

 

Resolution

The affected users are failing table-level read ACL on the sys_attachment table which is the reason why they are not able to add any attachments to the item.

Create a new table-level 'create' ACL on the sys_attachment table 
To resolve the issue, please modify the above ACL to allow users to add attachments as per customers' business requirements.

 

Note: though these KB are on different table, but almost concept is same.

refer: KB0965794 Non-Admin users can't upload attachments using attachment variable type on Catalog item 

KB0718509 Users without the 'admin' role are not able to attach files (attachments) to closed incide... 

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
0 Helpfuls