Unable to write to Attachment table from scoped application
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2025 12:47 PM
I have a catalog item that allows users to attach a file when submitting their request. The record producer script then needs to update the table_name and table_sys_id for that attachment record. When this happens, the user receives the following three error messages:
Access to api 'put(sys_attachment.table_sys)id)' from scope 'x_scopeName' has been refused due to the api's cross-scope access policy
Access to api 'put(sys_attachment.table_name)' from scope 'x_scopeName' has been refused due to the api's cross-scope access policy
Write operation against 'sys_attachment' from scope 'x_scopeName' hs been refused due to the table's cross-scope access policy
Although updating the Attachment table's Application access policy (can Update) is a fix, this is not an option for me.
I've tried creating new restricted caller access privileges and cross-scope policies, but none of them have resolved the issue. There are also none awaiting to be approved.
Any insight or recommended actions would be greatly appreciated!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2025 01:05 PM
In which application scope you have created the record producer. Also, why you want to update the table_name and sys_id. could you share the script you are writting on the record producer script?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2025 06:57 AM
@Veer - thanks for reading.
The record producer lives in a custom scope. The record producer (allowing user to insert attachment) starts in one table (x_table_a), but the resulting task lives in another table (x_table_b). The record producer script has to replace the table_sys_id and table_name of the attachment record to point to table b. So the part of the script it's having trouble with is:
~
~
var att = new GlideRecord('sys_attachment');
att.addQuery('table_sys_id', sys_id);
att.addQuery('table_name','x_table_a');
att.query();
while(att.next()) {
att.table_sys_id = support.sys_id;
att.table_name = 'x_table_b';
att.update();
}
I'm not necessarily looking at how to change how it's being done. Just looking for any guidance on how to allow a custom scoped app to make changes to an Attachment record to prevent the errors we're seeing.
We've since tried to build a number of cross-scope policies but nothing so far has worked.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-12-2025 09:19 AM
We are experiencing the same issue... it fails due to 'Scope does not have write access to table sys_attachment', even though cross-scope privileges are allowed, and the table allows the operation for 'all applications'.
Wonder if it is a bug or if the error message is perhaps incorrect, and an ACL might be part of the issue but haven't resolved it yet.
