- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-28-2021 04:31 AM
Hello Experts,
Is there a way to restrict the attachment on RITM so that it is visible only to the requester and the assignment group
If possible can anybody help with the method or the script.
Solved! Go to Solution.
- Labels:
-
Request Management
-
Service Catalog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-29-2021 12:43 AM
Hi,
Steps
1) Elevate your role to security_admin
2) Then create new Table level READ ACL on sys_attachment
3) Advanced checkbox true
4) Condition as table name -> sc_req_item
5) Script below
answer = checkCondition();
function checkCondition(){
var isRequestedFor = false;
var ritmSysId = current.table_sys_id;
var rec = new GlideRecord('sc_req_item');
rec.get(ritmSysId);
if(gs.getUserID() == rec.request.requested_for){
isRequestedFor = true;
}
var isMember = gs.getUser().isMemberOf('Group ABC');
return (isRequestedFor ||isMember) ? true : false;
}
Regards
Ankur
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-28-2021 10:13 AM
Restricting visibility of an attachment record is best handled by an Access Control rule. If all you want to do is restrict the ability to add an attachment, that can be accomplished with the g_form.disableAttachments() method.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-28-2021 11:25 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-28-2021 11:36 PM
Hi,
So the attachments header should be visible only to the REQ -> Requested For and Members of particular group
You can use this either of below approach
1) Table level READ ACL on sys_attachment
OR
2) Display business rule on sc_req_item and onLoad Client Script using DOM
Display BR:
var isRequestedFor = false;
if(gs.getUserID() == current.request.requested_for){
isRequestedFor = true;
}
var isMember = gs.getUser().isMemberOf('Group ABC');
g_scratchpad.isValidUser = (isRequestedFor ||isMember) ? 'true' : 'false';
onLoad Client Script:
Note: DOM is not recommended practice
1) Ensure Isolate Script field is set to false for this client script to run DOM
2) This field is not on form but from list you can make it false
function onLoad(){
if(g_scratchpad.isValidUser == 'false'){
// code to hide using DOM
g_form.disableAttachments(); // hide the paper-clip icon
gel('header_attachment').style.display = 'none'; // hide existing files
}
}
Regards
Ankur
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-29-2021 12:26 AM
Can you help me with the script for table level read acl