Restrict attachment table view to only user records

Go to solution
Sooriya3
Giga Guru

‎01-15-2025 03:31 AM

Currently any user (even with no roles) if they have the URL for the attachment table are able to view ALL attachments in the system. We want to restrict the view to only their own records. How to achieve this? For incident, problem and all other ticket types, the view is restricted to those created by the user. 

0 Helpfuls
  • 531 Views
1 ACCEPTED SOLUTION

Go to solution
Mark Manders
Mega Patron

‎01-15-2025 05:17 AM

Check on the ACLs and use those to prevent non-role users to see attachments other than their own.

If you are on Xanadu, you can use deny-unless ACLs to make it easy on yourself.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

View solution in original post

0 Helpfuls
2 REPLIES 2

Go to solution
Mark Manders
Mega Patron

‎01-15-2025 05:17 AM

Check on the ACLs and use those to prevent non-role users to see attachments other than their own.

If you are on Xanadu, you can use deny-unless ACLs to make it easy on yourself.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎01-15-2025 05:19 AM

@Sooriya3 

what do you mean by user with no roles?

Did you check any OOB table.None READ ACL on sys_attachment is giving access to these users?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls