Is there a way to restrict attachments based on user role or group?

Christopher Sik · ‎03-25-2022

We would like to restrict the types of attachments non-itil users can attach to records in ServiceNow. But we would like to offer a larger list of allowable attachments for our itil users. I know attachments can be restricted in the security hardening settings. But the list applies to all users regardless of role or group.

Filipe Cruz · ‎03-25-2022

I would see two possible ways to achieve this:
- Create ACLs to prevent specific attachments from being created;
- Customize the "attachments" ui page to check the attachment being added and prevent it from being created (when specific conditions are met)

Can any of these options be a solution for you?

Christopher Sik · ‎03-25-2022

Possibly. But I would need to know more about those options to know for sure. Is there documentation anywhere on how to set those up. Ideally I would want a no code option and avoid customizations.

Thanks for the quick reply!

Filipe Cruz · ‎03-25-2022

@Christopher Sikora
I would say you'll need to customize in order to get that behavior.
The default system property will manage the attachment extensions for all users. If you want to have two possible sets of attachment extensions based on the user role, then you'll need to create the necessary rules and objects for that.

I forgot the option to use a before insert Business Rule!!

That would be something like:
- Create a system property with a list of allowed extensions for non-itil users
- Create a before insert BR to check that if the user performing the actions is a non-itil user and the file extension is not in the system property, the insert action will be aborted.

That might be faster and easier to implement!

Let me know if that helps!