restrict requestor to delete the attachment

Priyansh_98
Tera Guru

‎06-12-2023 02:46 AM

I want to restrict a user from deleting an attachment from only one specific catalog item and also from the incident table. how can i solve this requirement?

can someone help me on this?

0 Helpfuls
  • 668 Views
9 REPLIES 9

Priyansh_98
Tera Guru
In response to Ankur Bawiskar

‎06-12-2023 11:41 PM

hi @Ankur Bawiskar ,

i received an updated requirement from the client, now they want this attachment security form portal side. in esc portal, we have configured 2 lists for RITM and the case table, when I open any of the records there we have an attachment tab 

 

prs1_0-1686638348124.png

so now i want to hide this attachment tab from the requestor for specific catalog items only. and I am new to the portal, can you guide me how can i solve this. if you can guide me step by step that would be very helpful.

0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to Priyansh_98

‎06-12-2023 11:50 PM

@Priyansh_98 

for that you need to clone the existing widget, update the logic and then add that widget again on that page

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls

Priyansh_98
Tera Guru
In response to Ankur Bawiskar

‎06-13-2023 12:55 AM

should i update the client script or the server script?

0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to Priyansh_98

‎06-13-2023 04:08 AM

@Priyansh_98 

I believe I have already answered your original question.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls

Riya Verma
Kilo Sage
Kilo Sage

‎06-12-2023 03:46 AM

Hi @Priyansh_98 ,

 

Hope you are doing great.

 

1. create a BR to define custom server-side logic to check for conditions required for deletion of attachments.

(function executeRule(current, previous /*, gs */ ) {
  var restrictedCatalogItemSysId = 'SPECIFIC_CATALOG_ITEM_SYS_ID';
  var restrictedIncidentTableSysId = 'INCIDENT_TABLE_SYS_ID';

  if (current.table_name == 'sc_cat_item' && current.table_sys_id == restrictedCatalogItemSysId) {
    // Restrict attachment deletion for the specific catalog item
    current.canDelete = false;
  } else if (current.table_name == 'incident' && current.table_sys_id == restrictedIncidentTableSysId) {
    // Restrict attachment deletion for the incident table
    current.canDelete = false;
  }
})(current, previous /*, gs */ );

 

2. Define the ACL :

  • Operation: delete
  • Table: sc_cat_item
  • Script: current.canDelete !== false

  • OR: Add the following conditions:

    • Table: incident
    • Script: current.canDelete !== false
  • Save and activate the ACL.

 

 

 

 

Please mark the appropriate response as correct answer and helpful, This may help other community users to follow correct solution.
Regards,
Riya Verma