Attachments in restricted scoped applications

tim2222
Tera Expert

‎11-14-2018 03:15 AM

Hi All,

I've found that in a custom scoped application where a table is set to be accessible only from that scope, adding an attachment will generate this error on accessing the table record:

Read operation against '...' from scope 'rhino.global' has been refused due to the table's cross-scope access policy

The error is generated from the sys_attachment ACL 0bcf23740a6a38d400c7e02590038464. The ACL determines whether the attachment can be read by opening the source record and testing it for canRead(). This check is going from global scope into our scoped application and therefore (correctly) errors.

I've tried adding a Cross Scope Privilege to allow just global to access my table but this is disallowed:

Global not allowed for cross scope privilege source scope

Is there a way to use attachments in a scoped application without granting access to all applications to the table?

All the best,
Tim

0 Helpfuls
  • 2,334 Views
4 REPLIES 4

Ankur Bawiskar
Tera Patron
Tera Patron

‎11-14-2018 03:48 AM

Hi Tim,

If that is the case then I don't think any other workaround is present.

Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron

‎11-20-2018 02:22 AM

Hi Tim,

Any update on this?
Can you mark my answer as correct, helpful if you were able to achieve the requirement. This helps in removing this question from unanswered list and helps users to learn from your thread. Thanks in advance.

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron

‎12-13-2018 10:35 PM

Hi Tim,

Any update on this?
Can you mark my answer as correct, helpful if you were able to achieve the requirement. This helps in removing this question from unanswered list and helps users to learn from your thread. Thanks in advance.

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls

Deepak Ingale1
Mega Sage

‎12-13-2018 11:08 PM

Here is the solution

 

1) Install restricted caller access plugin

2) On custom scoped app, make sure that table is accessible for READ ( application access tab on table )

3) Create a cross scope record only for global scope against your application table scope

 

0 Helpfuls