Is it possible to hide sent/received emails from activity log on case-by-case basis?

jaakko_jalo
Tera Contributor

‎10-24-2017 03:39 AM

Is it possible to hide sent/received emails from activity log on case-by-case basis before email details are loaded to page?

I have a requirement where some incidents, that meet certain criteria, cannot be fully shown to users who are not part of said incident. All users can see some details of the ticket (number, assignment group, assigned to) but only select people can see the ticket in full.

This is easy enough to do with ACLs and activity log respects these ACLs...
...with the exception of sent/received emails.

I have tried creating an ACL to sys_email table that checks if the criteria are met for the user but while I can prevent user from seeing the sys_email-record itself, activity log  bypasses the ACL when it comes to emails. So  it still shows senders address and other details and the show email details  -link will show the full email with no regard for ACLs.

 

One "solution" I have is to on client side during onLoad remove the emails' html elements from the page. But this happens after the emails contents have been loaded to page  so somebody with know-how can still read the identifying details from the email from the browsers console.

 

Anybody got any ideas how to go about  blocking the email details from being sent to client that should not see these email details?

Labels:
0 Helpfuls
  • 3,164 Views
6 REPLIES 6

Aditya Telideva
ServiceNow Employee
ServiceNow Employee

‎10-24-2017 05:58 AM

Hi Jaakko,


I have found an interesting way to do this :



create an UI policy on Incident with the following configuration:



Conditions:


Assigned to, is not, javascript:gs.user_id(); AND


caller, is not, javascript:gs.user_id();



Script:




  1. function onCondition() {  
  2. $j("[name='z*email*']").html(""))  
  3. }  


This will remove the entire section of the email of each email sent/received. z*email* is the name of the div tag that contains the body of the email. I am okay to leave the header of the email sent in the activity log. I guess I can hide it if I want to, but I prefer to leave it. I assume you can use this method to fitter out or hide cetain information from the email in the activity log, just do a find and replace in html()


Let me know if this works...


Aditya Telidevara


0 Helpfuls

jaakko_jalo
Tera Contributor
In response to Aditya Telideva

‎10-24-2017 06:03 AM

Hi,



UI Policy works on client side. If the user knows what they are doing, they can check the header details of the email from the browser console.



Br,


-Jaakko


0 Helpfuls