Is it possible to restrict access to attachments on ServiceNow records?

jonw1
Mega Expert

Our technicians would like to attach a file to an incident or request (for example), but somehow limit the visibility of that attachment. Is it true that anyone who has access to a given record will be able to open any attachments on that record? Or is it possible to limit this access somehow?

9 REPLIES

jonw1
Mega Expert

Thank you all for your input. I may reach out again for further response, if the priority of this use case rises to the point where we need to take action.


Preeti4
Giga Guru

Hi All,

Has anyone implemented this? I also have the same requirement, where I need to add a check box on the Attachment form which changes the value in a field on the Attachment table (I created a new check box field to identify which attachments are to be restricted). Please let me know how I can add a check box on the Attachment form and how I can pass the value from the check box, when selected as 'true', to the Attachment table.

Please suggest.

Hi preethi,

I too have the same requirement. Please let me know if you were able to achieve it.

Parul Maheshwar
Tera Contributor

Hi All,

I too have the same requirement, where I need to restrict access to download attachments for some users.

Please let me know if anyone has leads on it.

stevis42
Tera Contributor

If ACLs will not work for you, another option is to use a Before Query Business Rule to limit access to the sys_attachment table. For my example, I added a field to the sys_attachment table called u_sensitive. It is a true/false field that can be set through whatever mechanism is appropriate. I then added a Query Business Rule on the sys_attachment table, and it does a check to see if the user is an Employee or a Contractor, by calling a custom Script Include that does a lookup of the user in the sys_user table, checking the value of a custom field called u_employee_contractor. If that field contains "EMP", it will return true to the Business Rule. If it contains anything else (e.g. "CONT"), it will return false, which will then cause the Business Rule to add u_sensitive=false to the query.

 

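Script Include:

	var CustomUserUtils = Class.create();
	CustomUserUtils.prototype = {
		initialize: function() {},

		// Returns true only when the user record exists and its custom
		// u_employee_contractor field is "EMP"; any other value, or no
		// matching user, returns false.
		IsUserAnEmployee: function(UserSysID) {
			var isUserEmployee = false;
			var grUserTable = new GlideRecord('sys_user');
			grUserTable.addQuery('sys_id', UserSysID);
			grUserTable.query();
			if (grUserTable.next()) {
				if (grUserTable.u_employee_contractor == "EMP") {
					isUserEmployee = true;
				}
			}
			return isUserEmployee;
		},

		type: 'CustomUserUtils'
	};

Business Rule:

	// Before Query Business Rule on sys_attachment: for non-employees,
	// restrict the query to attachments whose u_sensitive flag is false.
	if (new CustomUserUtils().IsUserAnEmployee(gs.getUserID()) == false) {
		current.addQuery('u_sensitive', false);
	}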