Request catalog item with an unauthenticated user and attach files

Go to solution
Mario Sanz
Tera Expert

‎01-15-2024 07:20 AM

Hello everyone.

 

I have configured an item to public. It can be requested by an unauthenticated user. I manage to make the request, but when attaching a file it gives an error:

POST https://dev201829.service-now.com/angular.do?sysparm_type=ngk_attachments&sys_id=18ee353c937331102f4... 401 (Unauthorized)

 

I have tried leaving the glide.image_provider.security_enabled property to false.
I have tried removing the authentication required check in the attach WS POST.
I have tried giving creation permissions to the public and snc_external role.
All without success.

 

Does anyone know if unauthenticated users can be given permissions to attach files to a public item? If it is possible, how can it be done?
Thank you

 

MarioSanz_0-1705331787093.png

 

0 Helpfuls
  • 1,038 Views
1 ACCEPTED SOLUTION

Go to solution
Mario Sanz
Tera Expert

‎02-22-2024 01:54 PM

Hello @Damian Martinez. Thanks for your help.

 

In the end we solved it by creating a custom widget as a colleague posted here.


It didn't work but once we found the solution, we added the fix so that the widget works in the previous link. Basically you have to create a widget that attaches the file without using the API resource that requires authentication.

 

I hope it helps you.

 

 

View solution in original post

4 REPLIES 4

Go to solution
Damian Martinez
Mega Sage

‎01-15-2024 07:40 AM

Hello @Mario Sanz ,
have you tried debugging security rules to check which ACL is blocking access to attachment table?
Regard,

Damian

0 Helpfuls

Go to solution
Damian Martinez
Mega Sage

‎01-15-2024 07:42 AM

Hello @Mario Sanz further to my comment above, yes I have seen case where unauthenticated users can see attachments from URL, but not sure about uploading to the table.

0 Helpfuls

Go to solution
Mario Sanz
Tera Expert

‎01-16-2024 01:39 AM

Thanks Damian for your comment. What do you mean with "access to attachment table", ACL for table or ACL for End Point? I've tried ACL for sys_attachment without success. And if i should create an ACL for endpoint, I don´t know whata is the name of the endpoint.

0 Helpfuls

Go to solution
Mario Sanz
Tera Expert

‎02-22-2024 01:54 PM

Hello @Damian Martinez. Thanks for your help.

 

In the end we solved it by creating a custom widget as a colleague posted here.


It didn't work but once we found the solution, we added the fix so that the widget works in the previous link. Basically you have to create a widget that attaches the file without using the API resource that requires authentication.

 

I hope it helps you.