- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-15-2025 03:31 AM
Currently any user (even with no roles) if they have the URL for the attachment table are able to view ALL attachments in the system. We want to restrict the view to only their own records. How to achieve this? For incident, problem and all other ticket types, the view is restricted to those created by the user.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-15-2025 05:17 AM
Check on the ACLs and use those to prevent non-role users to see attachments other than their own.
If you are on Xanadu, you can use deny-unless ACLs to make it easy on yourself.
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-15-2025 05:17 AM
Check on the ACLs and use those to prevent non-role users to see attachments other than their own.
If you are on Xanadu, you can use deny-unless ACLs to make it easy on yourself.
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-15-2025 05:19 AM
what do you mean by user with no roles?
Did you check any OOB table.None READ ACL on sys_attachment is giving access to these users?
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader