10-08-2018 02:55 PM
Hello everyone!
I need help preventing users who do not have the 'vndmgmt' role from viewing attachments on sc_req_item records for one particular catalog item, "Vendor Review". Attachments on other catalog items in the same table should not be restricted. I tried creating an ACL on the sys_attachment table with the script below, with no luck: the attachments are still visible to everyone.
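getAttachmentReadAnswer();

/**
 * Read-ACL answer for a sys_attachment row (`current`).
 *
 * Returns true when the attachment has no owning table, or when it hangs off
 * an sc_req_item whose catalog item is "Vendor Review" and the user holds the
 * 'vndmgmt' role. Returns false in every other case.
 *
 * NOTE(review): a false answer here does not hide anything by itself. The
 * thread shows a second read ACL on sys_attachment; if passing any one of the
 * matching ACLs is enough to gain access, the restriction has to be added to
 * that ACL, ahead of its generic parent-record check. Confirm before relying
 * on this rule alone.
 */
function getAttachmentReadAnswer() {
    if (current.table_name.nil())
        return true;

    if (current.table_name != 'sc_req_item' || !gs.hasRole('vndmgmt'))
        return false;

    // sys_attachment carries no cat_item field, so current.cat_item can never
    // match. Resolve the requested item through table_sys_id and read the
    // catalog item from that record instead.
    var ritm = new GlideRecord('sc_req_item');
    if (!ritm.get(current.table_sys_id))
        return false;

    // NOTE(review): matching on the display name breaks if the item is
    // renamed; comparing the catalog item's sys_id would be sturdier.
    return ritm.cat_item.name == 'Vendor Review';
}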
There is another read ACL on sys_attachment with the following code. Can anyone help with this? Is the ACL the best way to do this?
getAttachmentReadAnswer();

/**
 * Read-ACL answer for a sys_attachment row (`current`).
 *
 * Apart from three always-allowed cases, read access is inherited from the
 * record the attachment belongs to. Any restriction that the parent record's
 * own read rules do not express therefore has to be checked before the final
 * parent lookup below.
 */
function getAttachmentReadAnswer() {
    var attachedTo = current.table_name;

    // Always readable: attachments with no owning table, live feed
    // attachments, and attachments that come from an HTML variable ('ni').
    if (attachedTo.nil() || attachedTo == 'live_profile' || attachedTo == 'ni')
        return true;

    // Strip the "invisible." prefix so the lookup targets the real table.
    var invisible_prefix = "invisible.";
    var tableName = attachedTo;
    if (tableName.startsWith(invisible_prefix))
        tableName = tableName.substring(invisible_prefix.length);

    var parentRecord = new GlideRecord(tableName);
    // Skip business rules for this lookup.
    parentRecord.setWorkflow(false);

    // Parent found: whoever can read the parent can read the attachment.
    if (parentRecord.get(current.table_sys_id))
        return parentRecord.canRead();

    // Parent not found: only the user who created the attachment may read it.
    return current.sys_created_by.equals(gs.getUserName()) ? true : false;
}
/*** updated per SN Incident number INC2694418
getAttachmentReadAnswer();
function getAttachmentReadAnswer() {
if (current.table_name.nil())
return true;
// If the attachment is from live feed,
// grant it the read access
if (current.table_name == 'live_profile')
return true;
// Remove Prefix
var tableName = current.table_name;
var invisible_prefix = "invisible.";
if (tableName.startsWith("invisible."))
tableName = tableName.substring(10);
var parentRecord = new GlideRecord(tableName);
parentRecord.setWorkflow(false);
if (!parentRecord.get(current.table_sys_id)) {
if (current.sys_created_by.equals(gs.getUserName()))
return true;
return false;
}
return parentRecord.canRead();
}
**/
10-09-2018 01:16 PM
Got it working. Here is the final piece of code I used:
// Vendor Review Request RITMs: only the attachment's uploader or a holder of
// the vendor_management role may read the attachment.
// This is a fragment of the sys_attachment read ACL function. It must sit
// before that function's generic parent-record check; placed after it, the
// parent's canRead() result is returned first and this code never runs.
// When the RITM cannot be loaded, or belongs to another catalog item, control
// falls through to the rest of the ACL.
// NOTE(review): the catalog item is matched by display name, so renaming the
// item silently drops the restriction; comparing its sys_id would be sturdier.
// NOTE(review): a table_name carrying the "invisible." prefix that the
// surrounding ACL strips does not equal 'sc_req_item' and skips this check.
// Confirm whether such attachments can exist on these RITMs.
if (current.table_name == 'sc_req_item') {
    var ritm = new GlideRecord('sc_req_item');
    if (ritm.get(current.table_sys_id) && ritm.cat_item.name == 'Vendor Review Request') {
        var isUploader = current.sys_created_by == gs.getUserName();
        if (isUploader || gs.hasRole('vendor_management'))
            return true;
        return false;
    }
}
10-08-2018 07:08 PM
Hi,
Check this link; it may help.
https://community.servicenow.com/community?id=community_question&sys_id=699eb665db58dbc01dcaf3231f961950
Regards
Prasun
P.S.- Mark Helpful or Correct if helps.
10-09-2018 08:31 AM
Thanks. That link did help. I've added a piece of code to the existing sys_attachment read ACL, and the ACL is now preventing users without the role from viewing attachments on the sc_req_item table. However, I need to add another condition so that this applies only to a specific catalog item. How can I add that to the script below, since there is no catalog item reference on the sys_attachment table?
// Attachments on any sc_req_item: readable only by the user who created the
// attachment or by a holder of the vendor_management role.
// This is a fragment of the sys_attachment read ACL function. As written it
// covers every requested item, because it looks only at the attachment's
// table name and never at the catalog item.
if (current.table_name == 'sc_req_item') {
    var isUploader = current.sys_created_by == gs.getUserName();
    if (isUploader || gs.hasRole('vendor_management'))
        return true;
    return false;
}
10-09-2018 01:16 PM
Got it working. Here is the final piece of code I used:
// Vendor Review Request RITMs: only the attachment's uploader or a holder of
// the vendor_management role may read the attachment.
// This is a fragment of the sys_attachment read ACL function. It must sit
// before that function's generic parent-record check; placed after it, the
// parent's canRead() result is returned first and this code never runs.
// When the RITM cannot be loaded, or belongs to another catalog item, control
// falls through to the rest of the ACL.
// NOTE(review): the catalog item is matched by display name, so renaming the
// item silently drops the restriction; comparing its sys_id would be sturdier.
// NOTE(review): a table_name carrying the "invisible." prefix that the
// surrounding ACL strips does not equal 'sc_req_item' and skips this check.
// Confirm whether such attachments can exist on these RITMs.
if (current.table_name == 'sc_req_item') {
    var requestedItem = new GlideRecord('sc_req_item');
    var isVendorReview = requestedItem.get(current.table_sys_id) &&
        requestedItem.cat_item.name == 'Vendor Review Request';
    if (isVendorReview) {
        if (current.sys_created_by == gs.getUserName() || gs.hasRole('vendor_management'))
            return true;
        return false;
    }
}