Does GlideSysAttachment honor ACLs on the attachment table?

Max Nowak
Kilo Sage

Hi,

I'm seeing strange behaviour on my instance, or at least behaviour I wouldn't have expected.

I have a scheduled job that pulls CSV files from a MID server and attaches them to a data source, where they get imported and transformed. To do this, I first delete all old attachments that are present on the data source, since the data source would otherwise just import the same attachment over and over again.

 

The code that executes the delete action looks like this:

deleteAttachementsFromDataSource: function(dataSourceId) {
    // File names of every attachment passed to deleteAttachment()
    var deletedAttachments = [];
    var attachment = new GlideSysAttachment();
    // GlideRecord over the attachments currently on this data source
    var agr = attachment.getAttachments('sys_data_source', dataSourceId);

    while (agr.next()) {
        var attachmentFileName = agr.getValue('file_name');
        var attachmentSysID = agr.getUniqueValue();
        attachment.deleteAttachment(attachmentSysID);
        deletedAttachments.push(attachmentFileName);
    }

    return deletedAttachments;
}

Now, the scheduled job that calls this script include function is not running as the system user, but as a specific user that's only used to execute various scheduled jobs in our scoped application (customer's requirement).

 

This user doesn't have any roles, which shouldn't matter in a scheduled job, unless I enforce ACLs by using GlideRecordSecure (at least that's my assumption).

 

Yet, this piece of code does not work when executed with this user, but does work if I clear the "Run as" field (executing as System), or if I give the user the appropriate roles that allow them to delete attachments.

As far as I know, the documentation of GlideSysAttachment does not mention honoring ACLs at all. What am I missing here? Is this just badly documented, or is this some other issue I just didn't find?

1 REPLY

Bhuvan
Kilo Patron

@Max Nowak 

 

As per my understanding, GlideSysAttachment does not have any role associated with it, but the user must fulfill the ACLs on the target tables from which you are trying to add or delete attachments and on the sys_attachment table.

In your example, if the user does not have the required roles to delete attachments from the sys_data_source table, then the script would fail.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0824363

 

If you are running as system, it is a system administrator role and the scheduled job will run fine.

If this helped to answer your query, please mark it helpful & accept the solution. 

 

Thanks,

Bhuvan
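
The function in the question pushes each file name onto its result list right after calling deleteAttachment, so a delete that is denied for the "Run as" user is still reported as deleted. The following is an added example, not code from the thread or from ServiceNow: it re-queries after deleting and reports what is still attached. deleteAndVerify and makeFakeApi are hypothetical names; the fake is a constructed stand-in for GlideSysAttachment and assumes a blocked delete leaves the row in place without throwing.

```javascript
// Added example (ES5, so it also fits a script include). attachmentApi must
// offer getAttachments(table, id) and deleteAttachment(sysId), the two
// GlideSysAttachment calls used in the question.
function deleteAndVerify(attachmentApi, table, recordId) {
    var requested = {};                       // sys_id -> file_name
    var result = { deleted: [], blocked: [] };

    var gr = attachmentApi.getAttachments(table, recordId);
    while (gr.next()) {
        requested[gr.getUniqueValue()] = gr.getValue('file_name');
        attachmentApi.deleteAttachment(gr.getUniqueValue());
    }

    // Re-query: anything we asked to delete that is still attached was blocked.
    var left = attachmentApi.getAttachments(table, recordId);
    while (left.next()) {
        var id = left.getUniqueValue();
        if (requested.hasOwnProperty(id)) {
            result.blocked.push(requested[id]);
            delete requested[id];
        }
    }
    for (var sysId in requested) {
        if (requested.hasOwnProperty(sysId)) { result.deleted.push(requested[sysId]); }
    }
    return result;
}

// Constructed stand-in for GlideSysAttachment so the check runs off-instance.
// Assumption: a denied delete leaves the row in place and does not throw.
function makeFakeApi(rows, deleteAllowed) {
    function cursor(list) {
        var i = -1;
        return {
            next: function () { i += 1; return i < list.length; },
            getUniqueValue: function () { return list[i].sys_id; },
            getValue: function (field) { return list[i][field]; }
        };
    }
    return {
        getAttachments: function () { return cursor(rows.slice()); },
        deleteAttachment: function (sysId) {
            if (!deleteAllowed) { return; }
            rows = rows.filter(function (r) { return r.sys_id !== sysId; });
        }
    };
}
```

On an instance, pass `new GlideSysAttachment()` as `attachmentApi` and log or fail the job when `blocked` is non-empty, so the import does not re-read a stale file.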