The Now Platform® Washington DC release is live. Watch now!
‎02-13-2017 02:57 AM
Hi folks,
I'm looking to restrict visibility of attachments (specifically on the change_request table, but equally applicable on any other table) by role. Basic premise is that if you don't have a role called change_attachments, you don't get to see attachments on any change record.
I've found this thread which looks like it might work and adjusted the role as per below, but attachments are visible to all users with access to the table (ie, itil users).
Any suggestions to restrict attachments on the change table to only those with this role?
Business Rule
When to run: before (query)
Condition: !gs.hasRole('change_attachments') && (current.table_name == 'change_request')
Script:
function onBefore(current, previous) {
//This function will be automatically called when this rule is processed.
hideAttachments();
function hideAttachments(){
var answer = 'sys_created_by=' + gs.getUserName();
current.addEncodedQuery(answer);
}
}
Solved! Go to Solution.
‎02-13-2017 03:07 AM
There are ACLs on sys_attachment table you might want to look at them & try restricting attachments from there..may be one of those are kind of overriding the effect of BR
‎02-13-2017 03:01 AM
On which table have you created this BR?
‎02-13-2017 03:04 AM
Hi Sumit - I've based the rule on the sys_attachment table at first (as per the other thread) but have also tested on the change_request table. No luck either way... I get the feeling I'm missing something obvious.
‎02-13-2017 03:07 AM
There are ACLs on sys_attachment table you might want to look at them & try restricting attachments from there..may be one of those are kind of overriding the effect of BR
‎02-27-2017 01:11 AM
Thanks folks - this is pretty much what I ended up doing. The OOTB ACL was already modified with a fair bit of scripting based on roles; I added in my basic part and it all works perfectly. Thank you for your input!