Is there a way to restrict the attachment on ritm to only for requester and assignment group

Go to solution
Appu
Tera Guru

‎01-28-2021 04:31 AM

Hello Experts,

 

Is there a way to restrict the attachment on RITM so that it is visible only to the requester and the assignment group

If possible can anybody help with the method or the script.

0 Helpfuls
  • 3,642 Views
1 ACCEPTED SOLUTION

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to Appu

‎01-29-2021 12:43 AM

Hi,

Steps

1) Elevate your role to security_admin

2) Then create new Table level READ ACL on sys_attachment

3) Advanced checkbox true

4) Condition as table name -> sc_req_item

5) Script below

answer = checkCondition();

function checkCondition(){

	var isRequestedFor = false;
	var ritmSysId = current.table_sys_id;
	var rec = new GlideRecord('sc_req_item');
	rec.get(ritmSysId);

	if(gs.getUserID() == rec.request.requested_for){
		isRequestedFor = true;
	}

	var isMember = gs.getUser().isMemberOf('Group ABC');

	return (isRequestedFor ||isMember) ? true : false;
}

find_real_file.png

Regards
Ankur

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

View solution in original post

Preview file
87 KB
9 REPLIES 9

Go to solution
ccajohnson
Kilo Sage

‎01-28-2021 10:13 AM

Restricting visibility of an attachment record is best handled by an Access Control rule. If all you want to do is restrict the ability to add an attachment, that can be accomplished with the g_form.disableAttachments() method.

0 Helpfuls

Go to solution
Appu
Tera Guru
In response to ccajohnson

‎01-28-2021 11:25 PM

Hi ccajohnson,

 

Its not about restricting the ability to add an attachment, i want the attached document itself to be restricted to all the users execpt to the requester and a particular group.

 

thanks for your reply.

Preview file
2 KB
Preview file
8 KB
0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎01-28-2021 11:36 PM

Hi,

So the attachments header should be visible only to the REQ -> Requested For and Members of particular group

You can use this either of below approach

1) Table level READ ACL on sys_attachment

OR

2) Display business rule on sc_req_item and onLoad Client Script using DOM

Display BR:

var isRequestedFor = false;

if(gs.getUserID() == current.request.requested_for){

isRequestedFor = true;

}

var isMember = gs.getUser().isMemberOf('Group ABC');

g_scratchpad.isValidUser = (isRequestedFor ||isMember) ? 'true' : 'false';

onLoad Client Script:

Note: DOM is not recommended practice

1) Ensure Isolate Script field is set to false for this client script to run DOM

2) This field is not on form but from list you can make it false

function onLoad(){

if(g_scratchpad.isValidUser == 'false'){

// code to hide using DOM

g_form.disableAttachments(); // hide the paper-clip icon

gel('header_attachment').style.display = 'none'; // hide existing files

}

}

find_real_file.png

Regards
Ankur

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
Preview file
52 KB
0 Helpfuls

Go to solution
Appu
Tera Guru
In response to Ankur Bawiskar

‎01-29-2021 12:26 AM

Can you help me with the script for table level read acl

0 Helpfuls