Hrsd Customisation

mahy
Tera Contributor

‎07-03-2025 08:53 AM

Hi Team,

Please help how to achieve below

 

1. Add a "Confidential" tag option that can be applied to a case.

 

2. When a case is tagged as Confidential, restrict access to attached documents within that case.

 

3. The restriction should apply only to users outside the Assignment Group - meaning only members of the Assignmen or download the attachments in confidential cases.

0 Helpfuls
  • 307 Views
3 REPLIES 3

Harmeet2Singh
Tera Expert

‎07-03-2025 10:56 AM - edited ‎07-03-2025 11:07 AM

Create one read ACL on sys_attachment table

Applies to: table name   is   sn_hr_core_case

Role: snc_internal

Advanced true

Script:

 

answer = true;
var le = new GlideRecord("label_entry");
le.addEncodedQuery('urlLIKE' + current.table_sys_id);
le.query();
while (le.next()) {
    var ll = new GlideRecord("label");
    ll.get(le.label);
    if (ll.name.toLowerCase() == 'confidential') {
        answer = false;
        var gr = new GlideRecord('sn_hr_core_case');
        gr.get(current.table_sys_id);
        if (gs.getUser().isMemberOf(gr.assignment_group)) {
            answer = true;
        }
    }
}

Please mark this response as correct or helpful if it assisted you with your question.

0 Helpfuls

abirakundu23
Mega Sage

‎07-03-2025 11:48 PM

Hi @mahy ,
Please follow the below steps.
1. Create custom field "Confidential" (true/false) on case table.

2. Create read ACL on "sys_attachment" table and member of the user only able to see and download the attachment.

(function() {
var tableName = current.table_name;
var sysId = current.table_sys_id;

// Only restrict for case attachments
if (tableName !== 'sn_hr_core_case') {
return true;
}

var caseGR = new GlideRecord('sn_hr_core_case');
if (!caseGR.get(sysId)) {
return false;
}

// If not marked confidential, allow access
if (!caseGR.u_confidential) {
return true;
}

// Check if user is in Assignment Group
var group = caseGR.assignment_group;
if (!group) {
return false;
}

return GlideUser.hasRole('admin') || new GlideRecord('sys_user_grmember')
.addQuery('group', group)
.addQuery('user', gs.getUserID())
.query() && new GlideRecord('sys_user_grmember').next();
})();


Please mark helpful and correct answer if it's worthy for you.

0 Helpfuls

Daniel Miletic
Tera Contributor

‎07-03-2025 11:59 PM

With this requirements, the user who uploaded the attachment might not be able to see his own attachment.

 

What with closed hr cases? Only the last group who has worked has the access on the files and should they stil? 

You should ask if requirement 3 should be added with "or the role HR Admin". 

 

 

0 Helpfuls