
Unable to write to Attachment table from scoped application

Nichole L
Tera Contributor

I have a catalog item that allows users to attach a file when submitting their request.  The record producer script then needs to update the table_name and table_sys_id for that attachment record.  When this happens, the user receives the following three error messages:

 

Access to api 'put(sys_attachment.table_sys_id)' from scope 'x_scopeName' has been refused due to the api's cross-scope access policy

Access to api 'put(sys_attachment.table_name)' from scope 'x_scopeName' has been refused due to the api's cross-scope access policy

Write operation against 'sys_attachment' from scope 'x_scopeName' has been refused due to the table's cross-scope access policy

 

Although updating the Attachment table's Application access policy (can Update) is a fix, this is not an option for me.  

I've tried creating new restricted caller access privileges and cross-scope policies, but none of them have resolved the issue. There are also none awaiting approval.

 

Any insight or recommended actions would be greatly appreciated!

3 REPLIES

Veer
Tera Guru

@Nichole L 

In which application scope have you created the record producer? Also, why do you want to update the table_name and sys_id? Could you share the script you are writing in the record producer script?

Nichole L
Tera Contributor

@Veer - thanks for reading.

The record producer lives in a custom scope. The record producer (allowing the user to insert an attachment) starts in one table (x_table_a), but the resulting task lives in another table (x_table_b). The record producer script has to replace the table_sys_id and table_name of the attachment record to point to table b. So the part of the script it's having trouble with is:

 

~

~

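// Find the attachments saved against the x_table_a record
var att = new GlideRecord('sys_attachment');
att.addQuery('table_sys_id', sys_id);
att.addQuery('table_name', 'x_table_a');
att.query();
while (att.next()) {
    // Re-point each attachment at the x_table_b task record
    att.table_sys_id = support.sys_id;
    att.table_name = 'x_table_b';
    att.update();
}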

 

I'm not necessarily looking at how to change how it's being done.  Just looking for any guidance on how to allow a custom scoped app to make changes to an Attachment record to prevent the errors we're seeing.  

 

We've since tried to build a number of cross-scope policies but nothing so far has worked.

robertleona
Tera Contributor

We are experiencing the same issue... it fails due to 'Scope does not have write access to table sys_attachment', even though cross-scope privileges are allowed, and the table allows the operation for 'all applications'

 

Wonder if it is a bug or if the error message is perhaps incorrect, and an ACL might be part of the issue but haven't resolved it yet.