Restrict access to some attachments in the sys_attachment table to a group

ZieldeCrz
Kilo Explorer

Hi,

I have a before query business rule to restrict access to some incidents to a group and that works great. Now I am trying to restrict the same group to see attachments of those incidents in the sys_attachment table. I have

I do not know how to restrict access to those attachments.

 

So far I created a before query business rule in the sys_attachment table with no luck. Can anybody see what I am doing wrong and give me a hint what I should do?

 

findATT();

function findATT() {
  // Look at every attachment whose parent table name contains 'incident'
  var att = new GlideRecord('sys_attachment');
  att.addQuery('table_name', 'LIKE', 'incident');
  att.query();
  while (att.next()) {
    var apre = new GlideRecord('incident');
    // query incidents assigned to this group and are in the sys_attachment table
    apre.addQuery('assignment_group', '=', '726a958a40f3680003aaf8ce7eaf96c0');
    apre.addQuery('sys_id', att.table_sys_id);
    apre.query();
    while (apre.next()) {
      gs.log("***************************************************");
      gs.log("found attch: " + att.table_sys_id.getDisplayValue() + " found: " + apre.number.getDisplayValue());
      // what should I code here to restrict access to those attachments
    }
  }
}

 

Thank you for any help.

Magdalena

5 REPLIES

She Sull
Giga Guru

Magdalena,

Do you want it so that the group cannot see any attachments on the Incident table or so that they can see some attachments?

Thanks,

- Sherry


Hi Sherry,

Thanks for taking the time to dig into this with me.

This is what I want ... only users who belong to the same group as the incidents with attachments are able to see the attachments in the attachment table. For example, a user who belongs to the "hardware" group who is viewing incidents from the hardware group should be able to see all of the attachments to those incidents. On the other hand, a user from the group "help desk", who is not also part of the "hardware" group, should be able to see neither the incidents nor the attachments.

Thank you

Magdalena


ohyesu
Kilo Explorer

I am looking at this as well. Has anyone limited access to attachments?


We limit access to attachments for a specific table. We perform this through the "script" section of the ACLs on sys_attachment.

I think this is the snippet of code that you would be looking to modify/put in place:

if (current.table_name == 'sys_user') {
  if (gs.hasRole('paa_admin')) {
    return true;
  }
  else {
    return false;
  }
}

This checks for the specific table of the attachment (in our case we have attachments on the user record that we want to limit). We then check if they have a specific role. We have quite a bit of other logic besides this (as I know there are other ways to achieve something this simple) for attachments, this is just the snippet that I think will help you.

You are wanting to limit attachments based on other logic, but the above should show you how it is done. You are just going to put your logic on line 2 instead of our logic.

Hope this helps! Feel free to send me a message and we can always discuss over there / email.
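The per-record check discussed in this thread, written out as an added example (not code from any poster or from ServiceNow): an ACL-style decision that allows an incident attachment only when the current user belongs to the parent incident's assignment group. The function names, the placeholder group ids, and the choice to let non-incident attachments through are assumptions; the Glide adapter uses only `GlideRecord.get`, `getValue` and `gs.getUser().isMemberOf`.

```javascript
// Added example, ES5 so the same functions load in Node and in a ServiceNow server script.
var FIELD_PREFIX = 'ZZ_YY'; // platform prefix on table_name for attachments stored in image fields

function parentTable(att) {
  var t = String(att.table_name);
  return t.indexOf(FIELD_PREFIX) === 0 ? t.slice(FIELD_PREFIX.length) : t;
}

// Decide read access for one sys_attachment row.
//   deps.incidentGroup(sysId): assignment group sys_id, '' if unassigned, null if not found
//   deps.isMemberOf(groupId):  true when the current user belongs to that group
function canReadAttachment(att, deps) {
  if (parentTable(att) !== 'incident') { return true; } // assumption: other tables handled elsewhere
  var group = deps.incidentGroup(String(att.table_sys_id));
  if (!group) { return false; } // orphaned or unassigned parent: fail closed
  return deps.isMemberOf(group) ? true : false;
}

// Platform adapter (hypothetical name); only invoked inside ServiceNow.
function glideDeps() {
  return {
    incidentGroup: function (sysId) {
      var inc = new GlideRecord('incident');
      if (!inc.get(sysId)) { return null; } // also null when a before query rule hides the incident
      return String(inc.getValue('assignment_group') || '');
    },
    isMemberOf: function (groupId) { return gs.getUser().isMemberOf(groupId); }
  };
}
// In the sys_attachment read ACL script: answer = canReadAttachment(current, glideDeps());

// Constructed sample data, standing in for the incident table and the user's groups.
var HARDWARE = 'hardware_group_sys_id_placeholder';
var HELP_DESK = 'help_desk_group_sys_id_placeholder';
var sampleIncidents = { inc_hw_1: HARDWARE, inc_unassigned: '' };
function sampleDeps(userGroups) {
  return {
    incidentGroup: function (id) {
      return Object.prototype.hasOwnProperty.call(sampleIncidents, id) ? sampleIncidents[id] : null;
    },
    isMemberOf: function (groupId) { return userGroups.indexOf(groupId) !== -1; }
  };
}

var hwAttachment = { table_name: 'incident', table_sys_id: 'inc_hw_1' };
console.log('hardware member:', canReadAttachment(hwAttachment, sampleDeps([HARDWARE])));
console.log('help desk only: ', canReadAttachment(hwAttachment, sampleDeps([HELP_DESK])));
```

Unlike a query rule that loops over other records, this evaluates the one attachment row being read, which is what an ACL script on sys_attachment receives as `current`.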