- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-13-2017 02:57 AM
Hi folks,
I'm looking to restrict visibility of attachments (specifically on the change_request table, but equally applicable on any other table) by role. Basic premise is that if you don't have a role called change_attachments, you don't get to see attachments on any change record.
I've found this thread which looks like it might work and adjusted the role as per below, but attachments are visible to all users with access to the table (ie, itil users).
Any suggestions to restrict attachments on the change table to only those with this role?
Business Rule
When to run: before (query)
Condition: !gs.hasRole('change_attachments') && (current.table_name == 'change_request')
Script:
function onBefore(current, previous) {
//This function will be automatically called when this rule is processed.
hideAttachments();
function hideAttachments(){
var answer = 'sys_created_by=' + gs.getUserName();
current.addEncodedQuery(answer);
}
}
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-13-2017 03:07 AM
There are ACLs on sys_attachment table you might want to look at them & try restricting attachments from there..may be one of those are kind of overriding the effect of BR

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-19-2017 10:03 AM
Hi Adam,
can you give me an example of how you did this in the ACL? I'm trying to accomplish the same for a custom table but I am having no luck.
Any help is appreciated!
Thank you,
Yeny
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-13-2023 04:30 AM
can u show what you did in the script ACL? and witch OOB ACL u used please?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-13-2017 03:12 AM
Hi Adam,
Please modify the script as below and try again. Make sure you are writing the Business rule in sys_attachment table.
function onBefore(current, previous) {
hideAttachments();
}
function hideAttachments(){
current.addQuery(gs.getUserName());
}
I hope this helps.Please mark correct/helpful based on impact
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-13-2017 03:25 AM
Hi Amlan,
Thanks for the suggestion - still no luck. I'm going to have to go through the ACL's and take a look as suggested by Sumit.
Does the condition script look about right in my original thread above?
Cheers,
-Adam
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-13-2017 03:39 AM
Hi Adam,
Have an ACL which is read ACL on sys_attachment table and select the checkbox of advanced in the script section use this code
getAttachmentReadAnswer();
function getAttachmentReadAnswer() {
// if table is change request and user has this role then this acl evaluates to true and attachments will be seen
if (current.table_name == 'change_request' && gs.hasRole('change_attachments'))
return true;
}
return false;
}
Mark Correct if this solves your issue and also hit Like and Helpful if you find my response worthy based on the impact.
Thanks
Ankur
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader