How to remove attachments from a record in scoped application using Business rule

savitha5 · ‎12-13-2018

Hi All,

I have got a requirement to delete attachments from a record in HR Core Case table when the field HR service is changed from General Inquiry to any value. I tried to achieve this using After Business rule on HR Core Case table, but since the Business rule is on Scoped application and Sys_attachment is on Global it is giving an error message as 'Delete operation against 'sys_attachment' from scope 'sn_hr_core' has been refused due to the table's cross-scope access policy'

Below is my Business rule.

when: After
Table: sn_hr_core_case
Script:

var att= new GlideRecord('sys_attachment');
   att.addQuery('table_name','sn_hr_core_case');
   att.addQuery('table_sys_id',current.sys_id);
   att.query();
   while(att.next()){
       att.deleteMultiple();
   }

The Business rule works fine if I switch to Global and edit Sys_attachment table setting and check the can delete option under Access Control tab as shown below screenshot. But I dont want to make any changes directly on Sys_attachment table, because it may affect something else later.

Can anyone help me to fix this.

Thanks in Advance,
Savitha

Alikutty A · ‎12-13-2018

Hello,

There is a cross scope policy that have been added by SN to control access to other scope for CRUD operators or executing APIs. You need to go to you application record for HR Core Case or you can navigate to Application Cross-Scope access module and allow the delete or execute API operation from this table by changing its status to Allowed. Once it is allowed, you will be able to execute the script.

Thanks!

User664605 · ‎12-20-2020

Thank you for the point.

I also faced a similar issue in Delete Attachments OOB action from Flow Designer in core application.

After changing the status from Requested to Allowed for the attached Restricted Action, it worked as expected.

Community Alums · ‎12-13-2018

Hi,

Can you try creating a record under the "Cross Application Scope" module. Although i would definitely question the requirement to delete attachments on changing HR service, it seems you are trying to achieve data security between different services. There could be other ways to achieve this requirement.

Based on your needs at the moment. Do the following

You can referen the following for more details

https://docs.servicenow.com/bundle/london-application-development/page/build/applications/reference/c_CrossScopePrivilegeRecord.html

Please mark helpful or correct based on the impact of the response.

Thanks

Ishan Parikh

Ankur Bawiskar · ‎12-13-2018

Hi Savitha,

I believe only 3 options; first 2 you don't want so try 3rd

1) Make the can delete checkbox true so that record can be deleted from other scope as well

2) Make the business rule run in global scope

Another option you can try is

1) create script include in Global scope and make it accessible from all scopes

2) in this script include have the code to delete attachment i.e. function will take the table name and table sys id and query and delete

3) call this script include function from business rule which is in scoped app

Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader