Users on watchlist of RITMs are able to view the RITM but not the attachment.

Nitesh Balusu
Giga Guru

Hello,

We have non-ITIL users who are added to the watchlist on RITMs. These users, even without the ITIL role, are able to view the RITM but are unable to view the attachments on the RITM. Is this something out of the box, that ServiceNow allows partial access to the RITMs?

Aren't non-ITIL users even denied viewing access? Please let me know how we could solve this problem and allow users to view the attachments as well. We do not want to give too much access to these users as well, where they could end up looking at attachments on all tables if they are given access to the attachment table.

Thanks.

16 REPLIES

Only on tables where they are in a watch_list that comes from the task table, e.g. Incident; RITM would be an example. What you could do is add a condition to the ACL of Table Name is sc_req_item. This way it will only run that code on the attachments that are part of the requested item table.

Thanks will try that!

The script in your ACL should focus on the target record. You should be able to use the GlideRecord canRead method, like:

// Get a GlideRecord object for the record linked to the attachment
var trg = new GlideRecord(current.getValue('table_name'));

// Make sure the table is valid, otherwise you will get an error.
// Images stored in fields, like catalog images, are stored with a table name like ZZ_YY[table_name] and will cause your script to fail.
// Also make sure the linked record actually loads before checking access to it.
if (trg.isValid() && trg.get(current.getValue('table_sys_id'))) {
    // True if the user can read the record linked to the attachment, false if not.
    // An ACL script reports its result through the answer variable (a top-level return is not valid).
    answer = trg.canRead();
} else {
    // If this is not a valid table or record, don't show it. Other ACLs should grant access in this case.
    answer = false;
}
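The two suggestions in this thread combined (scope the attachment read ACL to sc_req_item, then defer to the parent record's canRead), as an added example that is not part of the original replies. The GlideRecord class below is a small offline stub over constructed data, with watch-list membership standing in for the platform's real read ACLs; the names canReadAttachment, attachment, SAMPLE_TABLES and currentUser are hypothetical.

```javascript
// Constructed sample data: parent records and their watch lists.
const SAMPLE_TABLES = {
  sc_req_item: { ritm1: { watch_list: ['u_watcher'] } },
  incident: { inc1: { watch_list: ['u_watcher'] } },
};
let currentUser = 'u_watcher'; // hypothetical session user

// Offline stub of the three GlideRecord methods the ACL script relies on.
// Assumption: watch-list membership stands in for the real read ACL evaluation.
class GlideRecord {
  constructor(table) { this.table = table; this.row = null; }
  isValid() { return Object.prototype.hasOwnProperty.call(SAMPLE_TABLES, this.table); }
  get(sysId) {
    this.row = (SAMPLE_TABLES[this.table] || {})[sysId] || null;
    return this.row !== null;
  }
  canRead() { return this.row !== null && this.row.watch_list.includes(currentUser); }
}

// Only attachments whose parent lives on this table are handled by this ACL.
const ALLOWED_PARENT_TABLE = 'sc_req_item';

// Decision logic for a sys_attachment read ACL; "current" is the attachment row.
function canReadAttachment(current) {
  const table = current.getValue('table_name');
  // Same effect as the ACL condition "Table name is sc_req_item":
  // attachments on any other table (including ZZ_YY image rows) are left to other ACLs.
  if (table !== ALLOWED_PARENT_TABLE) return false;
  const parent = new GlideRecord(table);
  // Fail closed when the parent table or parent record cannot be resolved.
  if (!parent.isValid() || !parent.get(current.getValue('table_sys_id'))) return false;
  // Attachment visibility follows visibility of the requested item itself.
  return parent.canRead();
}

// Builds a constructed attachment row exposing getValue like a GlideRecord would.
function attachment(table_name, table_sys_id) {
  return { getValue: (field) => ({ table_name, table_sys_id }[field]) };
}
```

Inside ServiceNow only the body of canReadAttachment belongs in the ACL script, with its result assigned to answer.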

Thanks! Will check it out.

Hey Nyancer,

I am a little confused with your script, can you post it more specifically please?

Thanks!