Delete Cross Scope POlicy is not working

Swathi P
Tera Guru

‎04-21-2020 04:08 AM

Hi All,

I have a scoped application. I have a data source in the application.I am trying to delete the attachment attached to the data source through background script . I have added delete cross scope policy from my application but still my script is not working and i am unable to delete the attachment from my datasource. Please suggest.

find_real_file.png

var attach = new GlideRecord("sys_attachment");
attach.addEncodedQuery('table_nameSTARTSWITHsys_data_source^table_sys_id=c9d2bb99db9c1810776f15ce3b9619e6');
attach.query();
if(attach.next())
{
gs.info("Test the Deleting Attachments");
attach.deleteRecord();
}

Labels:
Preview file
18 KB
0 Helpfuls
  • 1,642 Views
5 REPLIES 5

Pradeep Sharma
ServiceNow Employee
ServiceNow Employee

‎04-21-2020 04:16 AM

Hi Swathi,

OOTB "sys_attachment" table application access setting prevents deletion of records from other scoped apps. I have shared more details here.

https://community.servicenow.com/community?id=community_blog&sys_id=44ad22a9dbd0dbc01dcaf3231f961921

 

- Pradeep Sharma

0 Helpfuls

Swathi P
Tera Guru
In response to Pradeep Sharma

‎04-21-2020 04:54 AM

Hi Pradeep,

I have gone through the thread.I have added a Delete Cross Scope Policy. It should work right . Attachments might get added to the Datasources . There might be duplicate entries into the table. So I want this script to run. Please help.

0 Helpfuls

Pradeep Sharma
ServiceNow Employee
ServiceNow Employee
In response to Swathi P

‎04-21-2020 05:26 AM

Hi Swathi,

The cross scope policy will only work when the table application access setting has delete value enabled. As I mentioned this is disabled OOTB.

That said, you can prevent duplicate entries via the Coleasce field before the record is transformed to the target table.

 

- Pradeep Sharma

0 Helpfuls

Ben Rowny
Tera Guru

‎07-09-2020 03:48 PM

Hi,

You do NOT have to modify the OOTB sys_attachment Application Access or add a Cross Scope policy.  Instead you can just use the scoped version of GlideSysAttachment:

function deleteAllAttachments(record){
	// Utility function removes all the previous attachments
	// Must use GlideSysAttachment in scope
	var gsa = new GlideSysAttachment();

	var att = new GlideRecord('sys_attachment');
	att.addQuery('table_name',record.getTableName());
	att.addQuery("table_sys_id",record.sys_id);
	att.query();
	while(att.next()){
		gsa.deleteAttachment(att.sys_id);
	}
}

I believe this should also respect whether your current scope can access the table your attachments are attached to, which is important, and keeps security tight on your sys_attachment table.