Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Attachments to cases that is only visible to ABC group members only?

Pallavi pawar
Tera Contributor

‎04-27-2023 04:40 AM

Hi All,

 

How can we add documentation/attachments to cases that is only visible to ABC group members only?

 

Thank You!!

0 Helpfuls
  • 573 Views
2 REPLIES 2

Karan Chhabra6
Mega Sage

‎04-27-2023 07:05 AM - edited ‎04-27-2023 07:10 AM

Hi @Pallavi pawar ,

 

Please follow these steps in order to show attachments only to a specific group.
Step 1: Create a new script include extending the OOB Script Include "AttachmentSecurity", replace <Group Name> with the group name in your instance.
I've named the Script Include as AttachmentSecurity_Custom
You can create the script include with the same name and paste this code as is

 

 

var AttachmentSecurity_Custom = Class.create();
AttachmentSecurity_Custom.prototype = Object.extendsObject(AttachmentSecurity, {

    canRead: function(current) {
        if (current.table_name.nil())
            return true;

        // If the attachment is from live feed,
        // grant it the read access
        if (current.table_name.indexOf("live_profile") > -1 || current.table_name.indexOf("live_group_profile") > -1)
            return true;

      // custom code - start
        if (current.table_name.indexOf('incident') > -1 && !gs.getUser().isMemberOf('<Group Name>')) {

            return false;
        } 
     // custom code - end
        // Remove Prefix
        var tableName = current.table_name + '';
        if (tableName.startsWith("invisible."))
            tableName = tableName.substring(10);
        else if (tableName.startsWith("ZZ_YY"))
            tableName = tableName.substring(5);

        var parentRecord = new GlideRecord(tableName);

        parentRecord.setWorkflow(false);
        if (!parentRecord.isValid() || !parentRecord.get(current.table_sys_id)) {
            if (current.sys_created_by.equals(gs.getUserName()))
                return true;
            return false;
        }

        return parentRecord.canRead();
    },
    type: 'AttachmentSecurity_Custom'
});

 

 

 

Step 2 : Open the OOB ACL present on the sys_attachment table, here;s the link to it:
https://<your_instance>.service-now.com/sys_security_acl.do?sys_id=0bcf23740a6a38d400c7e02590038464&...

Step 3 : Modify the ACL script as:

 

 

answer = new global.AttachmentSecurity_Custom().canRead(current);

 

 

KaranChhabra6_0-1682604214671.png

 

Let me know if you have any queries.

 

If my answer has helped with your question, please mark it as correct and accepted solution.

 

Thanks,

Karan

 

 

 

Karan Chhabra6
Mega Sage
In response to Karan Chhabra6

‎05-19-2023 05:36 AM

@Pallavi pawar  - if this worked for you, please mark it as correct and close the thread

 

Thanks!!

0 Helpfuls