Restricting access to attachments to only requestor, groups in workflow

EcFuhrmann
Tera Contributor

All,

I have a request to restrict access to attachments in only one form. This is not to be done to all forms, only one. The attachments should only be viewable or accessible. Is this something that can be done at the request level for one request? Or is this something that would be for all requests? I found the below link, but it looks to be for all requests.

https://www.servicenow.com/community/itsm-forum/is-there-a-way-to-restrict-the-attachment-on-ritm-to...

1 ACCEPTED SOLUTION

Maybe this code can help you get a start (script field on your read acl). You will just have to add your catalog item condition in there:

// Read ACL script on sys_attachment: 'current' is the attachment row being
// checked, and the ACL passes only when this evaluates to true.
(function() {
    var attachmentGR = new GlideRecord('sys_attachment');
    if (attachmentGR.get(current.sys_id)) {
        var tableName = attachmentGR.getValue('table_name');
        var tableSysId = attachmentGR.getValue('table_sys_id');

        // Check if the user is the creator of the attachment.
        // sys_created_by stores the user_name, so it must be compared with
        // gs.getUserName(); gs.getUserID() returns the sys_id and never matches.
        if (attachmentGR.getValue('sys_created_by') == gs.getUserName()) {
            return true;
        }

        // Check if the user is a member of the RITM's assignment group
        if (tableName == 'sc_req_item') {
            var reqItemGR = new GlideRecord(tableName);
            if (reqItemGR.get(tableSysId)) {
                var assignmentGroup = reqItemGR.getValue('assignment_group');
                // Skip the membership lookup when no group has been assigned yet
                if (assignmentGroup && gs.getUser().isMemberOf(assignmentGroup)) {
                    return true;
                }
            }
        }
    }
    return false;
})();

Do check on your process logic. If catalog tasks are created from the RITM which get the attachments copied, you will also have to apply that logic there.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark


3 REPLIES

Mark Manders
Mega Patron

The link you are sharing is indeed doing it for all, but it's the only way to go. You could apply more conditions to the code to only apply for your item. You would also need to update the existing one to exclude your item.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
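The following is an added example, not code posted by Mark or anyone else in this thread. It takes the read ACL script from the accepted solution, adds the catalog-item condition that script leaves open (the "apply more conditions ... only for your item" advice above) and the requestor check the question asks for, and factors the decision so it runs outside ServiceNow. It also goes a step beyond the thread by covering attachments copied onto the RITM's catalog tasks (sc_task), as the process-logic caveat suggests. Assumptions: the catalog item sys_id, all other sys_ids and the sample tables are constructed data; the RITM's requested_for and opened_by fields identify the requestor; and the instance keeps a separate sys_attachment read rule, updated to exclude this item, for every other attachment.

```javascript
// Added example (not the thread's own code): the accepted solution's read ACL
// logic, completed with the catalog-item condition and a requestor check, and
// extended to attachments copied onto the RITM's catalog tasks (sc_task).
// All sys_ids and the tables below are constructed sample data.

// sys_id of the one catalog item whose attachments are restricted (assumed value).
var RESTRICTED_CAT_ITEM = '1a2b3c4d_restricted_item';

// Constructed stand-ins for sc_req_item, sc_task and sys_attachment rows.
var RITMS = {
  ritm_restricted: { cat_item: RESTRICTED_CAT_ITEM, requested_for: 'u_alice',
                     opened_by: 'u_alice', assignment_group: 'g_hr_ops' },
  ritm_other:      { cat_item: 'other_item', requested_for: 'u_bob',
                     opened_by: 'u_bob', assignment_group: 'g_service_desk' }
};
var SC_TASKS = {
  task_restricted: { request_item: 'ritm_restricted', assignment_group: 'g_fulfillers' }
};
var ATTACHMENTS = {
  att_ritm:   { table_name: 'sc_req_item', table_sys_id: 'ritm_restricted', sys_created_by: 'carol' },
  att_task:   { table_name: 'sc_task',     table_sys_id: 'task_restricted', sys_created_by: 'alice' },
  att_other:  { table_name: 'sc_req_item', table_sys_id: 'ritm_other',      sys_created_by: 'bob' },
  att_inc:    { table_name: 'incident',    table_sys_id: 'inc_1',           sys_created_by: 'dave' },
  att_orphan: { table_name: 'sc_req_item', table_sys_id: 'ritm_deleted',    sys_created_by: 'alice' }
};
var USERS = {
  u_alice: { user_name: 'alice', groups: [] },               // requestor
  u_bob:   { user_name: 'bob',   groups: [] },               // requestor of the other item
  u_carol: { user_name: 'carol', groups: ['g_hr_ops'] },     // creator and RITM group member
  u_dave:  { user_name: 'dave',  groups: ['g_fulfillers'] }, // task assignment group only
  u_eve:   { user_name: 'eve',   groups: ['g_service_desk'] }
};

// Decision for one sys_attachment row.
//   att:  { table_name, table_sys_id, sys_created_by }   sys_attachment fields
//   user: { sys_id, user_name, isMemberOf(groupSysId) }   what gs exposes
//   db:   { ritm(sysId) -> fields|null, task(sysId) -> fields|null }
// Returns true only for rows this rule is responsible for (RITMs of the
// restricted item and their catalog tasks). Every other row, and any row whose
// parent cannot be found, gets false so the rule never widens access; the
// instance's existing attachment rule keeps granting the unrestricted rows.
function restrictedItemAttachmentRead(att, user, db) {
  var ritm = null;
  var task = null;
  if (att.table_name === 'sc_req_item') {
    ritm = db.ritm(att.table_sys_id);
  } else if (att.table_name === 'sc_task') {
    task = db.task(att.table_sys_id);
    if (task) ritm = db.ritm(task.request_item);
  }
  if (!ritm) return false;                                 // out of scope or orphaned: deny
  if (ritm.cat_item !== RESTRICTED_CAT_ITEM) return false; // the catalog item condition

  // Requestor: requested_for / opened_by hold user sys_ids.
  if (ritm.requested_for === user.sys_id || ritm.opened_by === user.sys_id) return true;
  // Attachment creator: sys_created_by holds the user_name, not the sys_id.
  if (att.sys_created_by === user.user_name) return true;
  // Assignment group of the RITM, and of the task when the copy sits on a task.
  if (ritm.assignment_group && user.isMemberOf(ritm.assignment_group)) return true;
  if (task && task.assignment_group && user.isMemberOf(task.assignment_group)) return true;
  return false;
}

// Offline harness over the sample tables.
function decide(attSysId, userSysId) {
  var u = USERS[userSysId];
  var user = {
    sys_id: userSysId,
    user_name: u.user_name,
    isMemberOf: function (g) { return u.groups.indexOf(g) !== -1; }
  };
  var db = {
    ritm: function (id) { return RITMS[id] || null; },
    task: function (id) { return SC_TASKS[id] || null; }
  };
  return restrictedItemAttachmentRead(ATTACHMENTS[attSysId], user, db);
}

// The same rule as it would sit in the ACL's script field on the platform.
// Not executed here: GlideRecord and gs exist only inside ServiceNow.
function aclScriptBody(current, gs) {
  function fetch(table, sysId, fields) {
    var gr = new GlideRecord(table);
    if (!gr.get(sysId)) return null;
    var out = {};
    for (var i = 0; i < fields.length; i++) out[fields[i]] = gr.getValue(fields[i]);
    return out;
  }
  var user = {
    sys_id: gs.getUserID(),
    user_name: gs.getUserName(),
    isMemberOf: function (g) { return gs.getUser().isMemberOf(g); }
  };
  var att = {
    table_name: current.getValue('table_name'),
    table_sys_id: current.getValue('table_sys_id'),
    sys_created_by: current.getValue('sys_created_by')
  };
  var db = {
    ritm: function (id) { return fetch('sc_req_item', id, ['cat_item', 'requested_for', 'opened_by', 'assignment_group']); },
    task: function (id) { return fetch('sc_task', id, ['request_item', 'assignment_group']); }
  };
  return restrictedItemAttachmentRead(att, user, db);
}
```

Two points a practitioner should check before using this. First, the rule deliberately answers false for everything outside the restricted item rather than true, so it cannot become a backdoor if the general attachment rule is later tightened; that only works if the general rule is updated to exclude this item, as Mark says, so that unrestricted rows are still granted by it. Second, the creator check compares sys_created_by with the user_name: a comparison against gs.getUserID(), which returns the sys_id, silently never matches and the creator branch is dead code.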

EcFuhrmann
Tera Contributor

I have been trying to find the condition in the code for the requested item and cannot find it. Do you know it?