How to Hide Attachments, Description and Notes for incidents assigned to Edge Support

nameisnani
Mega Sage

Hi Team,

Can anyone please help me with this requirement?

Up until now we have hidden all elements of incidents assigned to Edge Support from all users who are not members of the Edge Support group or Major Incident Managers. This, however, is proving to be frustrating for the AUDIT team, who are unable to report on incident volumes and other governance elements as these incidents are not visible to them. Another option is to hide the fields that contain sensitive PII data instead of hiding the whole ticket, perhaps by using some of the options listed below:

Is it possible to hide attachments and specific fields on the Incident form for specific users or groups?

Can anyone please provide me the detailed configuration steps to achieve this requirement?

If possible, please provide screenshots for better understanding.

Thanks in advance

5 REPLIES 5

ThandileS
Tera Contributor


You can hide fields for specific groups using UI policies.


Or you can use ACLs to prevent certain roles/groups from being able to read the fields.


@ThandileS

You are confused here.

It has to be visible for Edge-SUP, admin and Major Incident Managers.

For the audit team, a few fields have to be hidden, like attachment, description and worknotes.

@ThandileS

nameisnani
Mega Sage

@Ankur Bawiskar 

@AnveshKumar M 

@ThandileS 

 

Please help me here.

For the audit team, a few fields have to be hidden, like attachment, description and worknotes.

Old requirement FYI

 

_ukasz Rybicki
Giga Guru

Problem Name

Hide attachments & sensitive fields for specific users/groups on Incident 🎯


Solution 1: ACL + UI Policy

General:
Use conditional Read ACLs on sys_attachment / sys_attachment_doc to block attachment visibility on Incidents assigned to “Edge Support” for unauthorized users, then employ a UI Policy to hide PII fields (e.g., SSN).

Detailed Steps:

  1. Read ACL – sys_attachment

    • Go to System Security > Access Control (ACL), New: Table = sys_attachment, Operation = read, Advanced = ✔

    • Script:

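      // ACL scripts report their decision through the `answer` variable
      answer = true;
      if (current.table_name == 'incident') {
        var inc = new GlideRecord('incident');
        // assignment_group is a reference field, so compare its display value with the group name
        if (inc.get(current.table_sys_id) &&
            inc.assignment_group.getDisplayValue() == 'Edge Support') {
          answer = gs.getUser().isMemberOf('Edge Support') || gs.hasRole('major_incident_manager');
        }
      }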

     

  2. Duplicate ACL for sys_attachment_doc with same script.

  3. UI Policy – Incident table:

    • Condition: !g_user.isMemberOf('Edge Support') && !g_user.hasRole('major_incident_manager')

    • Actions: for each sensitive field (u_ssn, u_personal_email), set Visible = false.

  4. Test:

    • Log in as a non-member, open an Incident assigned to Edge Support: attachments disappear; PII fields hidden.

Simple Test:
Verify non-members see no paper-clip icon or SSN field; members still see both.


Solution 2: Client Script & UI Policy

General:
On form load, run a Client Script to hide attachment UI elements and sensitive fields for unauthorized users, backed by a UI Policy for fields. (servicenow.com)

Detailed Steps:

  1. Client Script (onLoad):

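    function onLoad() {
      // The standard client-side g_user object offers hasRole() but no isMemberOf();
      // group membership has to be decided on the server and passed in, e.g. via g_scratchpad.
      if (!(g_user.isMemberOf('Edge Support') || g_user.hasRole('major_incident_manager'))) {
        // Direct DOM access: hide the attachment and activity-stream elements
        document.querySelectorAll('.attachment,.activity-stream').forEach(el => el.style.display = 'none');
        // Hide the PII fields
        ['u_ssn', 'u_personal_email'].forEach(f => g_form.setDisplay(f, false));
      }
    }

  2. UI Policy – same as Solution 1 to enforce field hiding if script fails.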

  3. Deploy and Test as above.

Simple Test:
Ensure that unauthorized users can’t see the paper-clip or PII fields; authorized users remain unaffected.


Please mark as correct if this solves your requirement! 🙌


Self-analysis

  • Assumptions: Exact group/role names; DOM classes (.attachment) stable across releases.

  • Potential Errors: Direct DOM manipulation is unsupported and may break in future UI updates; client script race conditions.

  • Improvements: Use an After Display Business Rule + g_scratchpad to reliably pass server-side decisions to the client; override the attachments UI Macro for a cleaner condition-based rendering; abstract group IDs via sys_ids, not names.


Final Version

Refined Solution: ACL + Business Rule + UI Policy

  1. ACLs (as above) on sys_attachment/sys_attachment_doc.

  2. After Display BR on Incident:

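    // assignment_group is a reference field, so compare its display value with the group name
    if (current.assignment_group.getDisplayValue() == 'Edge Support'
        && !gs.getUser().isMemberOf('Edge Support')
        && !gs.hasRole('major_incident_manager'))
      g_scratchpad.hideAttach = true;

  3. Client Script (onLoad):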

    function onLoad() {
      // hideAttach is set on the server by the display Business Rule in step 2
      if (g_scratchpad.hideAttach)
        g_form.setSectionDisplay('attachments', false);
    }

  4. UI Policy to hide PII fields.

  5. Test: Non-members see no attachments section or PII fields; members see both.

This approach avoids unsupported DOM hacks by using g_scratchpad and g_form.setSectionDisplay. 🚀
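
Added example (not part of any reply above, and not ServiceNow API code): UI Policies and client scripts only change what the form renders, so the read decision for description, work notes and attachments has to be made server-side in ACLs. The sketch below is that decision as plain JavaScript with constructed stand-ins for the incident, the user and the lookup, keeping the incident row reportable while withholding the sensitive columns and denying attachment reads when the parent incident cannot be loaded. The `Audit` and `Service Desk` group names, the `itil` role on the sample users and all sample records are assumptions.

```javascript
// Added example: plain JavaScript (runs in Node), not ServiceNow API code.
// Group/role names come from the thread; all records below are constructed.
var RESTRICTED_GROUP = 'Edge Support';
var PRIVILEGED_ROLES = ['admin', 'major_incident_manager'];
var SENSITIVE_FIELDS = ['description', 'work_notes'];

// user: { groups: [group names], roles: [role names] }
function isPrivileged(user) {
  return user.groups.indexOf(RESTRICTED_GROUP) !== -1 ||
    PRIVILEGED_ROLES.some(function (r) { return user.roles.indexOf(r) !== -1; });
}

// Field-level read decision: only incidents assigned to the restricted group
// are affected, and only for users outside the privileged set.
function canReadSensitive(incident, user) {
  return incident.assignment_group !== RESTRICTED_GROUP || isPrivileged(user);
}

// What a user gets back: the row stays reportable, sensitive columns are dropped.
function viewFor(incident, user) {
  var out = {};
  Object.keys(incident).forEach(function (k) {
    if (SENSITIVE_FIELDS.indexOf(k) === -1 || canReadSensitive(incident, user)) {
      out[k] = incident[k];
    }
  });
  return out;
}

// Attachment read decision. lookup(sysId) returns the parent incident or null.
function canReadAttachment(att, user, lookup) {
  if (att.table_name !== 'incident') return true;
  var parent = lookup(att.table_sys_id);
  if (!parent) return isPrivileged(user); // parent not loadable: fail closed
  return canReadSensitive(parent, user);
}

// Constructed sample data.
var INCIDENTS = {
  a1: { number: 'INC0000001', assignment_group: 'Edge Support',
        description: 'constructed PII text', work_notes: 'constructed note' },
  b2: { number: 'INC0000002', assignment_group: 'Service Desk',
        description: 'printer offline', work_notes: 'rebooted' }
};
function lookupIncident(id) { return INCIDENTS[id] || null; }
var AUDITOR = { groups: ['Audit'], roles: ['itil'] };
var EDGE_MEMBER = { groups: ['Edge Support'], roles: ['itil'] };
var MIM = { groups: [], roles: ['major_incident_manager'] };
```

In an instance the same decision would be set as `answer` in read ACLs on `incident.description`, `incident.work_notes`, `sys_attachment` and `sys_attachment_doc`, so that lists, reports and API reads follow the same rule as the form.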