Hi @Pallavi pawar ,
Please follow these steps in order to show attachments only to a specific group.
Step 1: Create a new script include extending the OOB Script Include "AttachmentSecurity", replace <Group Name> with the group name in your instance.
I've named the Script Include as AttachmentSecurity_Custom
You can create the script include with the same name and paste this code as is
var AttachmentSecurity_Custom = Class.create();
AttachmentSecurity_Custom.prototype = Object.extendsObject(AttachmentSecurity, {
canRead: function(current) {
if (current.table_name.nil())
return true;
// If the attachment is from live feed,
// grant it the read access
if (current.table_name.indexOf("live_profile") > -1 || current.table_name.indexOf("live_group_profile") > -1)
return true;
// custom code - start
if (current.table_name.indexOf('incident') > -1 && !gs.getUser().isMemberOf('<Group Name>')) {
return false;
}
// custom code - end
// Remove Prefix
var tableName = current.table_name + '';
if (tableName.startsWith("invisible."))
tableName = tableName.substring(10);
else if (tableName.startsWith("ZZ_YY"))
tableName = tableName.substring(5);
var parentRecord = new GlideRecord(tableName);
parentRecord.setWorkflow(false);
if (!parentRecord.isValid() || !parentRecord.get(current.table_sys_id)) {
if (current.sys_created_by.equals(gs.getUserName()))
return true;
return false;
}
return parentRecord.canRead();
},
type: 'AttachmentSecurity_Custom'
});
Step 2 : Open the OOB ACL present on the sys_attachment table, here;s the link to it:
https://<your_instance>.service-now.com/sys_security_acl.do?sys_id=0bcf23740a6a38d400c7e02590038464&...
Step 3 : Modify the ACL script as:
answer = new global.AttachmentSecurity_Custom().canRead(current);
Let me know if you have any queries.
If my answer has helped with your question, please mark it as correct and accepted solution.
Thanks,
Karan
