Restrict attachment deletion

kunal16 · ‎05-03-2016

I want to restrict the removal of attachment from a change request record. If the current logged in user is not Assigned to, OR not Requester, OR not a member of assignment group, THEN the same user should not be able to remove the attachments (using Manage attachment link on the change request form). How this can be achieved?

TrevorK · ‎05-03-2016

I haven't had a chance to debug but does something like this work:

// Check if change_request table

if (current.table_name == "change_request") {

// Look up the particular change request so we can see the assigned to

var gr = new GlideRecord("change_request");

// current.table_sys_id gives us the sys_id of the change request record

gr.addQuery("sys_id",current.table_sys_id);

gr.query();

if (gr.next()) {

// If the person assigned to the change is the user checking the permissions, return true

if (gr.assigned_to == gs.getUserID()) {

return true;

}

else {

return false;

}

else {

return false;

}

You can toss in some gs.log's or something in there too to see where it is getting in the logic. But without testing it, I think the concept like above will work.

View solution in original post

TrevorK · ‎05-03-2016

"current.table_name" is a string, you cannot reference from it by itself. Within your code you are treating it like a reference field. Unless there is something different about this field, I do not think you can just reference it.

You'll notice in line 41/42 how they use the record's sys_id to look up the record they want to examine. You would have to do something similar with the change request table. If the table is a change request, use the table name and record sys_id to look up the record. This will allow you to do your logic on assigned_to.

Does that make sense?

kunal16 · ‎05-03-2016

Hi Trevor, Thanks for pointing me to that!!! But still I'm unable to achieve the desired by modifying the ACL!

TrevorK · ‎05-03-2016

I haven't had a chance to debug but does something like this work:

// Check if change_request table

if (current.table_name == "change_request") {

// Look up the particular change request so we can see the assigned to

var gr = new GlideRecord("change_request");

// current.table_sys_id gives us the sys_id of the change request record

gr.addQuery("sys_id",current.table_sys_id);

gr.query();

if (gr.next()) {

// If the person assigned to the change is the user checking the permissions, return true

if (gr.assigned_to == gs.getUserID()) {

return true;

}

else {

return false;

}

else {

return false;

}

You can toss in some gs.log's or something in there too to see where it is getting in the logic. But without testing it, I think the concept like above will work.

kunal16 · ‎05-05-2016

Thanks Trevor....it worked!!!! Really appreciate your help.

rajadinesh · ‎08-15-2017

Please help me to achieve this requirement.

1)When a change is "submitted for approval" with attachments, all ITIL users should only have the ability to add new attachments. They should not be able to remove any attachments from the change record

2)Access to remove attachments should only be restricted to the change manager role

3)Users should be able to remove attachments only in Draft state.

I tried with delete acl and onbefore delete business rule but not able to fix it. Please let me know by which action I can achieve this?if possible send script.

Thanks in advance.