What is the OOTB security on the sys_attachment table?

Suzanne H
Giga Guru

I would assume that non-HR users (users without an HR role) would not be able to view attachments to HR Cases and HR Profiles from the sys_attachment_list.do. Does the security on the sn_hr_core_case and sn_hr_core_profile tables apply to attachments?

4 REPLIES 4

Chaitanya ILCR
Kilo Patron

Hi @Suzanne H ,

 

you can check which ACLs are applying on a particular attachment using the access analyzer

 

select sys_attachment table and select the attachment record which is attached to HR table

 

and click on evaluate access

 

it will give you detailed info on what access has been give and what is blocked

 

ChaitanyaILCR_1-1748482158839.png

 

ChaitanyaILCR_0-1748482153623.png

 

you can click on each operation to see which ACLs have provided(or blocked the access)

ChaitanyaILCR_2-1748482406128.png

 

 

 

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

 

Sandeep Rajput
Tera Patron
Tera Patron

@Suzanne H ServiceNow enforces security on attachments based on the security of the parent record (i.e., the HR case or HR profile).If a user cannot access the sn_hr_core_case or sn_hr_core_profile record, they will not be able to see or download the attachments either.

@Sandeep Rajput 

Thanks for your response. I agree that the security on attachments should be based on the security of the parent record but we've discovered that it's not working as expected.

 

@Suzanne H If this is the case then I recommend creating the additional read ACLs on the sys_attachment to only grant access when the user has access to the parent record.