Restrict view of attachments

Go to solution
Maria DeLaCruz
Tera Guru

‎03-06-2015 01:21 PM

Hi,

Need some help on restricting visibility of attachments.   For the Self-Service view of an incident, we would like an ESS user to be able to see only attachments they've added themselves to their incident, but not the ones that others (like ITIL users) have added.   But, the ITIL users should be able to see all attachments to incidents.   Any suggestions on how we can do this?

Thanks,
Maria

0 Helpfuls
  • 6,331 Views
1 ACCEPTED SOLUTION

Go to solution
edwin_munoz
Mega Guru

‎03-06-2015 02:09 PM

I'm not completely sure that this will work but I think it is a good starting point



Create a business rule with the following information:



Name: Hide attachments to ESS users


Active: True


Advanced: True


Table: sys_attachment (Attachments)



Condition: !gs.hasRole("itil") && gs.getSession().isInteractive()



Script:



hideAttachments();






function hideAttachments(){



         var answer = 'sys_created_by=' + gs.getUserName();



         current.addEncodedQuery(answer);



}


EDIT: I just tested this, it works. Only problem is that users that doesn't have itil role will not be able to see attachment from others in the whole instance. Is this a problem? I'll think on how to fix this.


View solution in original post

15 REPLIES 15

Go to solution
Mike Pottorf
Tera Contributor
In response to edwin_munoz

‎06-01-2015 09:14 AM

Hi Edwin,



That worked perfectly.   Thanks for getting back to me.   I appreciate your help.


0 Helpfuls

Go to solution
Mike Pottorf
Tera Contributor
In response to edwin_munoz

‎06-02-2015 12:22 PM

Hi Edwin,



One more question for you.   The business rule works perfectly for our ESS users.   However, we allow ITIL users to submit self-service forms and we would like to block attachments on these forms as well.   We have tried to modify the script to include view == ess as one of the conditions to fire the business rule but we are having no luck.   My guess is since we are querying the sys_attachment table that information is not available to check that condition.   If you have any suggestions or thoughts on the matter we would appreciate it.



Thanks again,


Mike


0 Helpfuls

Go to solution
samwallace881
Giga Expert
In response to edwin_munoz

‎11-17-2016 09:38 AM

This did not work for me....what in this function is hiding the attachment?


  1. hideAttachments();  
  2.  
  3. function hideAttachments(){  
  4.         var answer = 'sys_created_by=' + gs.getUserName();  
  5.         current.addEncodedQuery(answer);  
  6. }  
0 Helpfuls

Go to solution
ariqbal
Kilo Contributor
In response to edwin_munoz

‎05-17-2017 10:16 PM

Hi,



This looks like something I'd in mind ie restricting ESS user to only the attachment they upload. However I would also want to have ESS user be able to view some attachment that the ITIL user had uploaded that may help them to resolve their incident; such as a screencapture or a doc/pdf file.



Is there such a way to allow such "tagging" to attachment that will be visible to ESS uploaded from a ITIL user?


0 Helpfuls

Go to solution
samwallace881
Giga Expert
In response to ariqbal

‎05-18-2017 07:22 AM

You could make an ACL that looked to see if the attachment was uploaded by the current Assigned To or something of that nature.


0 Helpfuls