Is it possible to hide attachments from users based upon a client script?

Go to solution
Joshua Cassity
Kilo Guru

‎03-02-2017 02:37 PM

We are a provider of service for multiple agencies and the issue we have now is that each agency wants to hide the majority of their incident data away from one another based upon the caller and the assignment group that the incident is assigned to. They have agreed to leave some fields globally visible to everyone such as the Incident Number, Short Description, Assignment Group, etc... so that can keep an eye on cross-agency incidents. We also dynamically hide tabs as well to prevent them from getting access to the activity stream.

Is there a way to also hide or prevent access to the related attachments section on that incident using a client script, ACL or combination of the two?

0 Helpfuls
  • 5,758 Views
1 ACCEPTED SOLUTION

Go to solution
Joshua Cassity
Kilo Guru
In response to Pradeep Sharma

‎03-03-2017 06:15 AM

Looking at another example of how to hide other elements on the page, I found the following line that seemed to have fixed the issue:



      gel('header_attachment').style.display='none';


Putting this into the client script that also hides some tabs on the incident form resulted in the entire attachment header being removed from the view. I think this is what we are looking to get accomplished.



Not for sure if this is deprecated or if it ever will be but hopefully not... lol


View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
Pradeep Sharma
ServiceNow Employee
ServiceNow Employee

‎03-02-2017 02:44 PM

Hello Joshua,



You can hide the attachment with disableAttachments() method at client side i.e g_form.disableAttachments();


http://wiki.servicenow.com/index.php?title=GlideForm_(g_form)#disableAttachments&gsc.tab=0


To check for role you can use method g_user.hasRole('PASS ROLE NAME HERE'); at client side.


GlideUser (g user) - ServiceNow Wiki


0 Helpfuls

Go to solution
Joshua Cassity
Kilo Guru
In response to Pradeep Sharma

‎03-03-2017 05:50 AM

My apologies, I wasn't very clear about what I needed after reading my inquiry. What I need to do is hide any attachments that may have have already been attached.



So while the gentleman below can only see a minimum data set on the incident (because he does not meet the criteria to see the full record) he can still view / open attachments, which we want to disable.



find_real_file.png


Preview file
89 KB
0 Helpfuls

Go to solution
Joshua Cassity
Kilo Guru
In response to Pradeep Sharma

‎03-03-2017 06:15 AM

Looking at another example of how to hide other elements on the page, I found the following line that seemed to have fixed the issue:



      gel('header_attachment').style.display='none';


Putting this into the client script that also hides some tabs on the incident form resulted in the entire attachment header being removed from the view. I think this is what we are looking to get accomplished.



Not for sure if this is deprecated or if it ever will be but hopefully not... lol


0 Helpfuls

Go to solution
Gaurav Bajaj
Kilo Sage
In response to Joshua Cassity

‎03-03-2017 06:29 AM

Hi,



I was wondering what if someone just play with browser console and make "display : block"   from none.


It's better to have a server side validation in terms of ACL, which would provide a robust solution.



Thanks


Gaurav


0 Helpfuls