restrict access to attachments on ritm

DreDay3000
Giga Guru

‎06-24-2024 05:32 AM

I am trying to write an acl to restrict attachments for users who are not a member of 3 different groups. Also is the ritm is not assigned to you as the requester, the attachments should be restricted. Members of the groups should be able to rename, delete and add documents at any time. The requester/user can not delete attachments after submission or approvals

 

I started with a acl script to restrict but is not working as expected:
if (gs.getUser().isMemberOf('GPC A/BO') && current.cat_item.name == 'Purchase Request') {
    answer = true;
} else {
    answer = false;
}
0 Helpfuls
  • 803 Views
8 REPLIES 8

Yashsvi
Kilo Sage

‎06-24-2024 05:35 AM

Hi @DreDay3000,

please check below links:

https://www.servicenow.com/community/itsm-forum/is-there-a-way-to-restrict-the-attachment-on-ritm-to...

Thank you, please make helpful if you accept the solution.

0 Helpfuls

DreDay3000
Giga Guru
In response to Yashsvi

‎06-24-2024 06:57 AM

Table name isnt available in  the conditions

DreDay3000_0-1719237416906.png

 

0 Helpfuls

Yashsvi
Kilo Sage
In response to DreDay3000

‎06-24-2024 07:02 AM

Hey @OlaN,

please type this table name -> sc_req_item.

Thank you, please make helpful if you accept the solution.

0 Helpfuls

OlaN
Giga Sage
Giga Sage

‎06-24-2024 06:56 AM

Hi,

Using the new security attributes introduced in Vancouver.. (?), you should not need to script this at all.

It can be done with conditions only.

Example below:

acl-group-assignment.png

 

On a side note, restricting attachments is tricky, since they are not part of the record itself, but a record in another table. Be careful and test your solution carefully. You might accidentally restrict the person submitting the ticket from adding attachments.

0 Helpfuls