Notifications

26 views

Issue

Symptoms

User with only 'Approver_User' role not able to view the attachment of the change request.

Release

Kingston, London, Madrid

Cause

All the existing ACL's of 'read' type is failing for users with 'approver_user' role and thereby restricting the user to download/view the attachments.

Resolution

In order to change this existing behavior and allow all users with 'approver_user' role to access attachments on their approval record, we need to create a new READ type ACL. This ACL should be defined on the sys_attachment table and should contain 'approver_user' in the roles embedded list and the script should be returning 'true' only if the approval record is associated with a change request and assigned to the current logged in user. The ACL script should be something like below:

var answer = false;
if(current.table_name == "change_request") {
var gr = new GlideRecord('sysapproval_approver');
gr.addEncodedQuery('sysapproval='+current.table_sys_id);
gr.query();
while(gr.next()){
if(gr.approver == gs.getUserID())
answer = true;
}
}

Now, impersonate with 'Approver User' and access any approval record for CHG record that has attachments. The user should be able to view/download the attachments as expected.

 

 

Additional Information

NOTE: This is only one of the ways to achieve this business use case and ServiceNow Administrators are free to make any modifications/tweaks to the SCRIPT of the ACL.

Article Information

Last Updated:2019-08-02 20:40:39
Published:2019-06-13