Configure different mobile attachment capabilities on Android devices based on user roles

  • Release version: Zurich
  • Updated July 31, 2025
  • 5 minutes to read

    • Use a combination of system properties and mobile properties to enable different users on Android devices to share, download, or view attachments in external applications based on roles.

    Before you begin

    Role required: admin

    Make sure to select Global as the application scope.

    Identify 2 groups of users:
    Group A: users that CAN: Group B: users that CAN'T:
    • Share and download attachments
    • View attachments in external applications
    • Share and download attachments
    • View attachments in external applications

    About this task

    After you identify the two groups of users, assign different roles to each group of users. You can assign more than one role to each group of users. For information about creating and assigning roles to users, see Create a role.

    Note:
    This feature is available on Android clients, version 19.5.1 and later.

    Procedure

    1. Set the system property glide.sg.block_mobile_attachments_external_viewing to true.
      For more information, see Control whether users can view attachments in external applications on Android devices.
    2. Set the system property glide.sg.block_mobile_attachments_sharing to true.
      For more information, see Block users from downloading or sharing attachments.
    3. On your ServiceNow® instance, navigate to All > sys_sg_properties_list.do.
      The Mobile Properties list appears.
    4. In the Mobile Properties list, select New.
      The Mobile Properties form appears.
    5. On the form, fill in the fields.
      Table 1. Mobile Properties New record form
      Field Description
      Name Name for the mobile property record. Enter exemptedRoles-glide.sg.block_mobile_attachments_sharing to enable sharing/downloading attachments and viewing attachments externally as a configurable feature. You must create it to configure it.
      Note:
      The record name is case-sensitive and must be entered as exemptedRoles-glide.sg.block_mobile_attachments_sharing.
      Application Application scope where the mobile property is applied. To select a different application scope, select the Overflows Menu (Overflows menu image) on the instance banner. Then select Scope selectors > Application scope:application_scope.
      Description Description of the mobile property. Enter a description of the property. For example, Enables sharing/downloading/viewing attachments.
      Type Data type of the mobile property record. Select True/False for the exemptedRoles-glide.sg.block_mobile_attachments_sharing mobile property.
      Value

      Enter the name of role or roles you created for Group A (users who CAN share/download attachments and who CAN view attachments in external applications). If you need to specify multiple roles, enter them in a comma-separated list.

      For example: role1, role2, role3
      Active Whether the mobile property is activated. If the check box is cleared, the mobile property isn't activated for use.
      Is Public

      Determines whether the pre-auth property is included in the API response.

      By default, this option is not selected. If you want this property included in the /pre-auth API response, select this checkbox. For more information, see Adaptive Authentication Events.

      Mobile properties with this checkbox enabled are excluded from the /user_client API response.
      Mobile App Config

      Mobile app configuration that you want to use the mobile property for. This setting limits the mobile property behavior to users who have access to this mobile app configuration. Other users don't have access to this mobile property and instead experience default behavior.

      To enter a value, either start typing the configuration name or select the search icon (magnifying glass image). The search dialog box lists the configurations from which you can choose. Select a configuration for Mobile App Config.
      Mobile Application

      Mobile application that you want to send the mobile property to. This setting limits the mobile property behavior to users who have access to this mobile app. Other users don't have access to this mobile property and instead experience default behavior.

      To enter a value, either start typing the application name or select the search icon (magnifying glass image). The search dialog box lists the applications from which you can choose. Select an application for Mobile Application.
    6. Select Submit.
      The Mobile Properties New record form clears.
    7. In the cleared Mobile Properties New record form, fill in the fields.
      Table 2. Mobile Properties New record form
      Field Description
      Name

      Name for the mobile property record. Enter exemptedRoles-glide.sg.block_mobile_attachments_external_viewing to enable sharing/downloading attachments and viewing attachments externally as a configurable feature. You must create it to configure it.

      Note:
      The record name is case-sensitive and must be entered as exemptedRoles-glide.sg.block_mobile_attachments_external_viewing.
      Application Application scope where the mobile property is applied. To select a different application scope, select the Overflows Menu (Overflows menu image) on the instance banner. Then select Scope selectors > Application scope:application_scope.
      Description Description of the mobile property. Enter a description of the property. For example, Enables sharing/downloading/viewing attachments in external applications.
      Type Data type of the mobile property record. Select True/False for the exemptedRoles-glide.sg.block_mobile_attachments_external_viewing mobile property.
      Value

      Enter the name of the role or roles you created for Group B (users who CAN'T share/download attachments and who CAN'T view attachments in external applications). If you need to specify multiple roles, enter them in a comma-separated list.

      For example: role1, role2, role3
      Active Whether the mobile property is activated. If the check box is cleared, the mobile property isn't activated for use.
      Is Public

      Determines whether the pre-auth property is included in the API response.

      By default, this option is not selected. If you want this property included in the /pre-auth API response, select this checkbox. For more information, see Adaptive Authentication Events.

      Mobile properties with this checkbox enabled are excluded from the /user_client API response.
      Mobile App Config

      Mobile app configuration that you want to use the mobile property for. This setting limits the mobile property behavior to users who have access to this mobile app configuration. Other users don't have access to this mobile property and instead experience default behavior.

      To enter a value, either start typing the configuration name or select the search icon (magnifying glass image). The search dialog box lists the configurations from which you can choose. Select a configuration for Mobile App Config.
      Mobile Application

      Mobile application that you want to send the mobile property to. This setting limits the mobile property behavior to users who have access to this mobile app. Other users don't have access to this mobile property and instead experience default behavior.

      To enter a value, either start typing the application name or select the search icon (magnifying glass image). The search dialog box lists the applications from which you can choose. Select an application for Mobile Application.
    8. Select Submit.

    What to do next

    After updating these properties, the end user must pull to refresh and get the latest feature configurations.