
Restrict attachment visibility based on role

adam_seeber1
Kilo Contributor

Hi folks,

I'm looking to restrict visibility of attachments (specifically on the change_request table, but equally applicable on any other table) by role. Basic premise is that if you don't have a role called change_attachments, you don't get to see attachments on any change record.

I've found this thread which looks like it might work and adjusted the role as per below, but attachments are visible to all users with access to the table (i.e., itil users).

Any suggestions to restrict attachments on the change table to only those with this role?

Business Rule

When to run: before (query)

Condition: !gs.hasRole('change_attachments') && (current.table_name == 'change_request')

Script:

function onBefore(current, previous) {
    //This function will be automatically called when this rule is processed.
    hideAttachments();

    function hideAttachments() {
        var answer = 'sys_created_by=' + gs.getUserName();
        current.addEncodedQuery(answer);
    }
}

1 ACCEPTED SOLUTION

There are ACLs on the sys_attachment table; you might want to look at them and try restricting attachments from there. Maybe one of those is kind of overriding the effect of the BR.



17 REPLIES

Hi Adam,

Can you give me an example of how you did this in the ACL? I'm trying to accomplish the same for a custom table but I am having no luck.

Any help is appreciated!

Thank you,
Yeny


Can you show what you did in the script ACL? And which OOB ACL did you use, please?

amlanpal
Kilo Sage

Hi Adam,

Please modify the script as below and try again. Make sure you are writing the Business rule on the sys_attachment table.

function onBefore(current, previous) {
    hideAttachments();
}

function hideAttachments() {
    // Restrict the query to attachments created by the current user
    current.addQuery('sys_created_by', gs.getUserName());
}

I hope this helps. Please mark correct/helpful based on impact.



Hi Amlan,

Thanks for the suggestion - still no luck. I'm going to have to go through the ACLs and take a look as suggested by Sumit.

Does the condition script look about right in my original thread above?

Cheers,
-Adam


Ankur Bawiskar
Tera Patron

Hi Adam,

Have an ACL which is a read ACL on the sys_attachment table, select the Advanced checkbox, and in the script section use this code:

getAttachmentReadAnswer();

function getAttachmentReadAnswer() {
    // if table is change request and user has this role then this acl evaluates to true and attachments will be seen
    if (current.table_name == 'change_request' && gs.hasRole('change_attachments')) {
        return true;
    }
    return false;
}

Mark Correct if this solves your issue and also hit Like and Helpful if you find my response worthy based on the impact.

Thanks
Ankur


Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
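
An added example, not code from any poster in this thread: a stand-alone Node.js model of the attachment read decision discussed above, written so that the role is an extra gate on change_request attachments and every other decision is left to whatever check already applies. `makeSession`, `existingCheck`, `parentReadable` and the sample rows are constructed stand-ins; only `gs.hasRole`, `current.table_name`, the table name and the role name come from the thread.

```javascript
// Stand-alone model of the read decision, runnable in Node.js.
// `gs` and `current` are plain-object stand-ins for the platform objects the
// thread's scripts use; `existingCheck` is a hypothetical placeholder for the
// read logic the instance already applies to sys_attachment.
const GATED_TABLE = 'change_request';       // table named in the question
const REQUIRED_ROLE = 'change_attachments'; // role named in the question

function canReadAttachment(current, gs, existingCheck) {
  // The role is an additional gate for change attachments only.
  if (String(current.table_name) === GATED_TABLE && !gs.hasRole(REQUIRED_ROLE)) {
    return false;
  }
  // Other tables, and role holders, still go through the existing check,
  // so holding the role never grants more than the user already had.
  return Boolean(existingCheck(current, gs));
}

// Constructed stand-in for a user session with a fixed set of roles.
function makeSession(roles) {
  return { hasRole: (role) => roles.includes(role) };
}

// Returns the file names a session would be allowed to read.
function visibleAttachments(rows, gs, existingCheck) {
  return rows
    .filter((row) => canReadAttachment(row, gs, existingCheck))
    .map((row) => row.file_name);
}

// Constructed sample rows; parent_readable models the existing decision.
const sampleRows = [
  { file_name: 'cab-notes.docx', table_name: 'change_request', parent_readable: true },
  { file_name: 'rollback.txt', table_name: 'change_request', parent_readable: false },
  { file_name: 'screenshot.png', table_name: 'incident', parent_readable: true },
];

// Hypothetical existing rule: readable only if the parent record is readable.
const parentReadable = (row) => row.parent_readable;

console.log(visibleAttachments(sampleRows, makeSession(['itil']), parentReadable));
console.log(visibleAttachments(sampleRows, makeSession(['itil', 'change_attachments']), parentReadable));
```

The same set of cases (user without the role, user with the role, attachment on an unrelated table) is worth checking by impersonation on a sub-production instance after changing any sys_attachment ACL or business rule.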