Is it possible to stop the user from being able to download an attachment to their local machine?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-06-2015 07:59 AM
As far as I'm aware, this is dependant on the settings of the browser, but we'd like to control this from Service Now if possible. I have been asked about the potential security risk of people downloading confidential files onto a personal or shared machine. We would like it to be mandatory that files open within the browser window, so that they are not saved on the machine permanently.
- Labels:
-
User Interface (UI)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-06-2015 08:42 AM
I suppose we cannot stop users from being able to download attachments totally, but i guess we can put in some restrictions like:- If you are not the creator of an attachment record OR you are not the member of the current Assignment Group, you will not have Read access to the Attachments, controlled through ACLs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-06-2015 08:55 AM
Thanks Subhajit. The issue here is that we want people to be able to open the attachment, but it would open within the browser window rather the bring up the Save dialog to save the file locally. I guess it's a difficult requirement, as the browser has it's own idea of what it wants to do when the user clicks on an attachment hyperlink. Of course, we could control browser policy through Active Directory, however the issue is what people are doing with files on personal machines, rather than a firm desktop / laptop.
MS Outlook Web Access does have a policy that can enforce this, however it's set in Exchange and I have no idea about the technology that enforces the browser behaviour...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-06-2015 08:51 AM
Short Answer: No. It is not possible to do this. If you can view the information in a web browser, you can save it. Bottom line is that one your browser opens it, you have already saved it to e temporary download space on the local machine.
Longer answer: You are correct that you can certainly neuter the PC/browser settings to do this, but by doing this, you are also going to be limiting a lot of other things that may be needed to do one's job. And even if you did it, there is nothing to stop a window form being copied and pasted into a separate document (or even a screen shot).
You are much better off ensuring (by education and policy) that confidential information is not placed on the server, or that it is encrypted so that only the appropriate persons and groups can view it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-06-2015 09:01 AM
This is effectively the functionality I am trying to mimic:
