When not assignee, end or request user or not in the group owner of the ticket, and got assigned a task,we are not able to download attach files(I see the list of files but if we try to download a file, Service Desk shows an error. 

Investigating how to customize the downloading of files we copy functions from upload.js at Program Files (x86)\CA\Service Desk Manager\bopcfg\www\wwwroot\scripts

In this file there is the function get_download_session

In this function in the line 436 we see that is included the parameter +KEEP_ROLE=1. We have seen that this parameter is new in 17.2 version.

If we remove it from the function the downloading from the task works fine.

I have two questions:

- If I remove this parameter, How can it affect other functionalities or security?

- Is there another option to allow download files from a task when you have not access permissions for the call_req object?

Release : 17.2 and higher

Component : SERVICE DESK MANAGER

It can be done override the security/role of SDM however this is is not recommended from support point of view.

Below is what we note as per the questions requested i.e.

Q1.  If I remove this parameter, How can it affect other functionalities or security? 

 "If you remove the parameter, it will affect the security and that is what you are trying to achieve."

Q2. Is there another option to allow download files from a tast when you have not access permissions for the call_req object?

"no other options available"

The modification has impact locally for upload attachment. However, It's a reminder that such kind of customization, in general, is not recommended and not supported. Definitely support will never recommend to modify the script to bypass security.

Tested on 17.2.12 DEV / 17.2.7 PRO and the behaviour is the same.