Restrict attachments on confidential Incident to ITIL user

Priyanka145
Tera Contributor

Hi All,

I have a requirement to hide attachments on Incidents for ITIL users; those are confidential incidents.

I have created a read ACL on the sys_attachment table where, in the conditions, I have given table name is Incident.

Could anyone please help me with the script wherein I need to check if confidential is true and the role is ITIL, then attachments should be hidden?

For non-confidential incidents, ITIL users can see the attachments on Incidents.


Allen Andreas
Administrator

Hi,

In the script section, you'd need to tap into the field that contains whether it's confidential or not. Is this a checkbox?

if (current.u_confidential && gs.hasRole('itil') && !gs.hasRole('admin')) {
    answer = false;
} else if (gs.hasRole('itil')) {
    answer = true;
}

So the above would look at your confidential field and if it's true AND they have itil AND they don't have admin (as admin has itil as well), then they can't see the record.

Otherwise, they can see it if they have itil role. The above is an example you can take from here.

Please mark reply as Helpful/Correct, if applicable. Thanks!



Hi Allen, thanks for the script. I have added it as below, but ITIL users are still able to view attachments on the incident record even if they are confidential. Are any other modifications still required?

 


Hi,

As the ACL is on the sys_attachment table and the u_confidential field is in the incident table, using current.u_confidential in the ACL will not work.

You need to use script like below:

var isConfidential;
if (current.table_name == 'incident') {
    var parentRecord = new GlideRecord('incident');

    if (parentRecord.get(current.table_sys_id))
        isConfidential = parentRecord.u_confidential;

    if (isConfidential == 'true' && !gs.hasRole('admin') && gs.hasRole('itil'))
        answer = false;
}

 

Also make sure no other ACL is giving access to the user.

Thanks,
Anil Lande
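
Added example (not part of the original replies, and not ServiceNow's own code): a plain-JavaScript model, runnable in Node, that compares the check on `current.u_confidential` from the first reply with the parent-incident lookup from the reply above. `makeGs`, `makeGlideRecord`, the sample incidents, and the fallback of returning `gs.hasRole('itil')` when the deny condition does not match are assumptions made for this illustration.

```javascript
// Constructed sample incident rows (hypothetical sys_ids and values).
const INCIDENTS = {
  inc1: { u_confidential: true },
  inc2: { u_confidential: false },
};

// Hypothetical stand-in for gs: hasRole() answers from a fixed role list.
function makeGs(roles) {
  return { hasRole: (role) => roles.includes(role) };
}

// Hypothetical stand-in for GlideRecord: only get(sys_id) on 'incident' is modelled.
function makeGlideRecord(rows) {
  return function GlideRecord(table) {
    this.get = (id) => {
      const row = table === 'incident' ? rows[id] : undefined;
      if (row) Object.assign(this, row);
      return Boolean(row);
    };
  };
}

// First reply's logic: reads u_confidential from the sys_attachment row itself.
function aclOnAttachmentField(current, gs) {
  if (current.u_confidential && gs.hasRole('itil') && !gs.hasRole('admin')) return false;
  return gs.hasRole('itil');
}

// Second reply's logic: loads the parent incident via table_name / table_sys_id.
function aclViaParentIncident(current, gs, GlideRecord) {
  if (current.table_name != 'incident') return gs.hasRole('itil');
  const parent = new GlideRecord('incident');
  const confidential = parent.get(current.table_sys_id) && parent.u_confidential == true;
  if (confidential && gs.hasRole('itil') && !gs.hasRole('admin')) return false;
  return gs.hasRole('itil'); // assumed fallback, mirrors the first reply's else branch
}

// Evaluate both scripts for each role set against each sample incident.
function decisionTable() {
  const GlideRecord = makeGlideRecord(INCIDENTS);
  const rows = [];
  for (const roles of [['itil'], ['itil', 'admin']]) {
    for (const id of ['inc1', 'inc2']) {
      const current = { table_name: 'incident', table_sys_id: id }; // attachment row: no u_confidential
      const gs = makeGs(roles);
      rows.push({ roles: roles.join('+'), incident: id,
        fieldOnAttachment: aclOnAttachmentField(current, gs),
        viaParent: aclViaParentIncident(current, gs, GlideRecord) });
    }
  }
  return rows;
}
console.table(decisionTable());
```

Only the parent lookup denies the itil-only user on the confidential incident; the attachment row carries no `u_confidential` value, so the first check never matches.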


Hi Anil,

I have tried with this script as well, but it's not satisfying my condition.

And I see no other read ACL on the sys_attachment table is giving access to the user.

I even tried with the below script, but still no luck.

answer = checkCondition();

function checkCondition() {
    var gr = new GlideRecord('incident');
    gr.addQuery("sys_id", current.table_sys_id);
    gr.query();
    if (gr.next()) {
        if (gr.u_confidential && gs.hasRole('itil') && !gs.hasRole('admin')) {
            answer = false;
        } else if (gs.hasRole('itil')) {
            answer = true;
        }
    }
}