Is there a way to restrict the attachment on ritm to only for requester and assignment group

Appu
Tera Guru

Hello Experts,

Is there a way to restrict the attachment on RITM so that it is visible only to the requester and the assignment group?

If possible, can anybody help with the method or the script?

1 ACCEPTED SOLUTION

Hi,

Steps

1) Elevate your role to security_admin

2) Then create new Table level READ ACL on sys_attachment

3) Advanced checkbox true

4) Condition as table name -> sc_req_item

5) Script below

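answer = checkCondition();

function checkCondition(){

	// current is the sys_attachment record; table_sys_id points at the RITM
	var ritmSysId = current.table_sys_id;
	var rec = new GlideRecord('sc_req_item');
	if(!rec.get(ritmSysId)){
		return false; // RITM not found: deny read
	}

	// Requested For on the parent request
	var isRequestedFor = (gs.getUserID() == rec.request.requested_for);

	// 'Group ABC' is the group that should be able to see the attachment
	var isMember = gs.getUser().isMemberOf('Group ABC');

	return isRequestedFor || isMember;
}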

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

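A variant of the accepted ACL script, as an added example that is not part of the original answer: it takes the group from the RITM's own assignment_group instead of the hard-coded 'Group ABC' and denies read when the RITM lookup fails. The function name canReadRitmAttachment, the stub objects and the sample IDs are assumptions constructed here so the decision logic can be exercised outside an instance.

```javascript
// Added example: ACL decision as a function so it can be tested off-instance.
// On an instance: answer = canReadRitmAttachment(current, gs, GlideRecord);
function canReadRitmAttachment(current, gs, GlideRecord) {
    var ritm = new GlideRecord('sc_req_item');
    // Fail closed: no RITM behind the attachment means no read access
    if (!ritm.get(String(current.table_sys_id))) {
        return false;
    }
    var isRequestedFor =
        String(ritm.request.requested_for) === String(gs.getUserID());
    // Group comes from the RITM itself instead of a hard-coded name
    var group = String(ritm.assignment_group || '');
    var isMember = group !== '' && gs.getUser().isMemberOf(group);
    return isRequestedFor || isMember;
}

// ---- Constructed stand-ins and sample data (assumptions, not real records) ----
var SAMPLE_RITMS = {
    ritm_1: { request: { requested_for: 'user_requester' }, assignment_group: 'grp_fulfil' },
    ritm_2: { request: { requested_for: 'user_requester' }, assignment_group: '' }
};
var SAMPLE_MEMBERS = { user_agent: ['grp_fulfil'] };

function StubGlideRecord(table) { this.table = table; }
StubGlideRecord.prototype.get = function (sysId) {
    var row = SAMPLE_RITMS[sysId];
    if (!row) { return false; }
    this.request = row.request;
    this.assignment_group = row.assignment_group;
    return true;
};

function stubGs(userId) {
    return {
        getUserID: function () { return userId; },
        getUser: function () {
            return {
                isMemberOf: function (group) {
                    return (SAMPLE_MEMBERS[userId] || []).indexOf(group) !== -1;
                }
            };
        }
    };
}

// Evaluate the rule for one user against an attachment on the given RITM
function check(userId, ritmSysId) {
    var attachment = { table_name: 'sc_req_item', table_sys_id: ritmSysId };
    return canReadRitmAttachment(attachment, stubGs(userId), StubGlideRecord);
}
```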

9 REPLIES

ccajohnson
Kilo Sage

Restricting visibility of an attachment record is best handled by an Access Control rule. If all you want to do is restrict the ability to add an attachment, that can be accomplished with the g_form.disableAttachments() method.

Hi ccajohnson,

It's not about restricting the ability to add an attachment; I want the attached document itself to be restricted for all users except the requester and a particular group.

Thanks for your reply.

Ankur Bawiskar
Tera Patron

Hi,

So the attachments header should be visible only to the REQ -> Requested For and Members of particular group

You can use either of the approaches below

1) Table level READ ACL on sys_attachment

OR

2) Display business rule on sc_req_item and onLoad Client Script using DOM

Display BR:

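// Runs server-side before the form loads; current is the sc_req_item record
var isRequestedFor = false;

if(gs.getUserID() == current.request.requested_for){
	isRequestedFor = true;
}

var isMember = gs.getUser().isMemberOf('Group ABC');

// Pass the result to the client script as a string flag
g_scratchpad.isValidUser = (isRequestedFor || isMember) ? 'true' : 'false';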

onLoad Client Script:

Note: DOM is not recommended practice

1) Ensure Isolate Script field is set to false for this client script to run DOM

2) This field is not on form but from list you can make it false

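function onLoad(){
	// Cosmetic only: this hides the attachments on the form; the sys_attachment
	// records stay readable unless a READ ACL blocks them
	if(g_scratchpad.isValidUser == 'false'){
		// code to hide using DOM
		g_form.disableAttachments(); // hide the paper-clip icon
		var header = gel('header_attachment');
		if(header){
			header.style.display = 'none'; // hide existing files
		}
	}
}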

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Can you help me with the script for table level read ACL?