Is it possible to restrict access to attachments on ServiceNow records?

jonw1
Mega Expert

‎10-19-2017 09:45 AM

Our technicians would like to attach a file to an incident or request (for example), but somehow limit the visibility of that attachment.     Is it true that anyone who has access to a given record will be able to open any attachments on that record?     Or is it possible to limit this access somehow?        

Labels:
0 Helpfuls
  • 4,434 Views
9 REPLIES 9

carolina2
ServiceNow Employee
ServiceNow Employee

‎10-19-2017 09:57 AM

Its possible to restrict access to attachments via ACL


jonw1
Mega Expert
In response to carolina2

‎10-19-2017 11:18 AM

Thanks Carolina.     So I guess that (ACLs) is going to provide yes/no access to attachments, but not the flexibility to grant access o a case-by-case basis.     I think our techs would like to make a choice whether an attachment is "public" or "private."


0 Helpfuls

rlatorre
Kilo Sage
In response to jonw1

‎10-19-2017 11:33 AM

In order to secure your attachments as "private" you can store them on your network (controlling access to a shared directory) and attach a .url attachment to the ServiceNow record. We built similar functionality for contracts and other sensitive financial information.You can also attach web URLs (http).



You'll need to modify the attachment UI page. I can supply the code if you are interested.



Note: Doing this will exclude that page from patches and upgrades. You should compare new code delivered from SN to these modifications.



find_real_file.png


Preview file
22 KB

DilipKumar DJ
Kilo Guru
In response to jonw1

‎10-19-2017 11:38 AM

Hi Jon,



In that case you need to restrict via Business rule (before - Query) and use your public/private condition every time it queries.