
Attachment added to the record should only be visible to Assigned To list field users

mokshithbejawad
Mega Contributor

Hi Community,

 

I have a custom table created in my instance, "Employee Records". In it there is a custom field called Attachment (Field type: File Attachment). Attachments added to that field should also be added to the record with a prefix "Confidential". I have written a BR to modify the file name and add the attachment to the record.

The attachments added to the record with prefix "Confidential" should only be visible to the user of field "Assigned To" (Field Type: Reference).

Note: Attachments without prefix "Confidential" should be accessible to other users.

I have tried creating an ACL on attachment table to restrict visibility of the attachments to non "Assigned To" users.

Table : sys_attachment (table.none ACL)

Type: Record

Operation: Read

Applies To Condition: Table name starts with "u_employee_record" AND File name starts with "Confidential"

Role : u_employee_record_user

Script: 

var parentGR = new GlideRecord(current.table_name);
if (parentGR.get(current.table_sys_id)) {
    var ans = gs.getUserID() == parentGR.assigned_to.toString();
    answer = ans;
}
 
The execution is not entering the script section; when I impersonated a person who is not part of Assigned To, I am also able to see the attachment.
 
Can you please help me achieve this? I know it's strictly not encouraged to write ACLs on the Attachments table, but I have no other choice.
 
Thanks in Advance,
Kumar
2 REPLIES

Chaitanya ILCR
Mega Patron

Hi @mokshithbejawad ,

 

I have tried this with the incident table.

In the ACL condition, use the table name as ZZ_YYu_employee_record

and use the table name directly in the script.

 

Replace incident with your table name.

Use the Deny unless ACL just in case there are any other ACLs which are allowing the access.


 

with script

answer = false; // deny by default
var parentGR = new GlideRecord('u_employee_record');
// Allow only when the current user is the parent record's Assigned To
if (parentGR.get(current.getValue('table_sys_id')))
    answer = gs.getUserID() == parentGR.getValue('assigned_to');

This hides the attachment row in the attachment table, but the attachment name would still show up in the attachment field in the table; the attachment will not be downloaded when clicked.

 

Approach 2

 

I would say create a field-level ACL on the attachment field on your table and hide the field itself from the users if the attachment name starts with "Confidential".

 

the attachment field stores the sysid of the attachment 

use the sysid and query the attachment name in the ACLs script and if the name starts with "Confidential"

 

Replace incident with your table name and field with your field name

u_attachment_type is my field name; replace that with your attachment field name.


with script

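answer = true; // field stays visible unless the attachment is confidential
var attGr = new GlideRecord('sys_attachment');
// The attachment field holds the sys_id of the sys_attachment row
if (attGr.get(current.getValue('u_attachment_type'))) {
    if (attGr.getValue('file_name').startsWith('Confidential'))
        answer = gs.getUserID() == current.getValue('assigned_to');
}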

 

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya
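
The read decision from Approach 1, written as a plain JavaScript function that can be exercised outside ServiceNow. This is an added example, not code from either poster; `canReadAttachment`, `parentTable`, `lookupParent` and the sample records are hypothetical stand-ins for the GlideRecord lookup and `gs.getUserID()`. It goes slightly beyond the reply by accepting the table name both with and without the `ZZ_YY` prefix and by denying when the parent record or its Assigned To value is missing.

```javascript
// Added example: plain JavaScript for Node, no ServiceNow instance needed.
const TABLE = 'u_employee_record';
const FIELD_PREFIX = 'ZZ_YY';          // table_name form given in the reply above
const CONFIDENTIAL = 'Confidential';

// Map an attachment's table_name to its parent table, prefixed or not.
function parentTable(tableName) {
    const name = String(tableName || '');
    return name.startsWith(FIELD_PREFIX) ? name.slice(FIELD_PREFIX.length) : name;
}

// true = this rule lets userId read the attachment row, false = it denies.
// lookupParent(table, sysId) is a hypothetical stand-in for GlideRecord.get().
function canReadAttachment(att, userId, lookupParent) {
    const restricted = parentTable(att.table_name) === TABLE &&
        String(att.file_name || '').startsWith(CONFIDENTIAL);
    if (!restricted) return true;      // rule does not apply to this row
    const parent = lookupParent(TABLE, att.table_sys_id);
    if (!parent || !parent.assigned_to) return false;  // fail closed
    return parent.assigned_to === userId;
}

// Constructed sample data (not from a real instance).
const parents = { rec1: { assigned_to: 'user_a' }, rec2: { assigned_to: '' } };
const lookup = (table, sysId) => (table === TABLE ? parents[sysId] : undefined);
const samples = [
    { table_name: 'ZZ_YYu_employee_record', file_name: 'Confidential_review.pdf', table_sys_id: 'rec1' },
    { table_name: 'u_employee_record', file_name: 'Confidential_review.pdf', table_sys_id: 'rec1' },
    { table_name: 'u_employee_record', file_name: 'handbook.pdf', table_sys_id: 'rec1' },
    { table_name: 'u_employee_record', file_name: 'Confidential_x.pdf', table_sys_id: 'missing' },
    { table_name: 'u_employee_record', file_name: 'Confidential_y.pdf', table_sys_id: 'rec2' },
];

// Decisions for every sample as seen by one user.
function decisionsFor(userId) {
    return samples.map((att) => canReadAttachment(att, userId, lookup));
}

console.log('user_a:', decisionsFor('user_a'));
console.log('user_b:', decisionsFor('user_b'));
```

Running the same table of cases while impersonating a non-assigned user in a sub-production instance confirms whether the deployed ACL matches these decisions.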

 

Sarathbejawada
Tera Contributor

 Hi Chaitanya, 

 

Thanks for your response, your solution works :).