Security: ACLs, Query Business Rules

Number of rows removed due to security constraint

A user gets this message in a list of records whenever the list contains a record the user doesn't have rights to view, i.e. there is an ACL restricting access to the record or there is NO ACL granting access. Let's ignore the security mode setting here.

It's default system behavior.

Would you like to get rid of it, so that the system counts only the records the user has access to?

Solution 1

Replicate the row-level read ACLs as query business rules. Naturally, every query then gets controlled. This is the well-known and suggested solution.
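An added example of Solution 1 (not code from the original gist): the body of a before-query business rule that mirrors a row-level read ACL. The mirrored ACL (requester, assignee, or `itil` role may read), the name `restrictToReadableRows`, and the `fakeGs`/`fakeCurrent`/`demo` stand-ins are assumptions so the logic can run outside an instance.

```javascript
// Added example: mirrors an assumed read ACL
// ("opened_by, assigned_to, or role itil may read") as a query condition.
function restrictToReadableRows(current, gs) {
    // Users the assumed ACL lets read every row get no extra condition.
    if (gs.hasRole('itil')) {
        return false;
    }
    var userId = gs.getUserID();
    // Same condition as the ACL, pushed into the query itself, so rows the
    // user cannot read are never selected and never reported as removed.
    var condition = current.addQuery('opened_by', userId);
    condition.addOrCondition('assigned_to', userId);
    return true;
}

// Constructed stand-ins for the platform's gs and current (offline runs only).
function fakeGs(userId, roles) {
    return {
        getUserID: function () { return userId; },
        hasRole: function (role) { return roles.indexOf(role) !== -1; }
    };
}

function fakeCurrent() {
    var clauses = [];
    return {
        addQuery: function (field, value) {
            var clause = [field + '=' + value];
            clauses.push(clause);
            return {
                addOrCondition: function (orField, orValue) {
                    clause.push(orField + '=' + orValue);
                }
            };
        },
        toQuery: function () {
            return clauses.map(function (c) { return c.join('^OR'); }).join('^');
        }
    };
}

// Constructed sample run: returns the condition the rule adds for one user.
function demo(userId, roles) {
    var current = fakeCurrent();
    restrictToReadableRows(current, fakeGs(userId, roles));
    return current.toQuery();
}
```

In an instance, a business rule set to run before Query would call `restrictToReadableRows(current, gs)` with the platform's own objects; the condition must be kept in step with the ACL it mirrors.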

Solution 2

Still rely on ACLs. Use a system property to apply them globally, or a table attribute to apply them locally:

  • glide.security.ui.filter - system property (true|false).
  • glide.security.ui.filter - dictionary attribute (table), no value is required.

Server-side queries may not respect ACLs. GlideRecord doesn't enforce them, although developers can enforce them through its dedicated methods for checking access to records and fields. GlideRecordSecure is a secured version of the class.

Note that the filter is respected by native UI lists and Service Portal (Data Table widgets), and it is NOT respected by the simple-list widget. Keep an eye on it.

Oops! Do you know what the problem with it is? It's not documented.

Configuration

Follow these steps to set up the security UI filter for a table:

  1. From table list or form navigate to Configure > Dictionary
  2. Open table record (Collection type)
  3. Switch to advanced view to get Attributes field available
  4. Fill in glide.security.ui.filter attribute

Credits

Helsinki Patch 5 Changes. List widget did not honor glide.security.ui.filter system property or Dictionary attribute for table to force use of FilteredGlideRecord in lists

Widget from Service Portal - Core package: widget-data-table.

@sadmicrowave sadmicrowave commented Feb 7, 2020

Could you please describe the process to add the glide.security.ui.filter to a table as a Dictionary Attribute on the pm_project table for example? Thanks.

Owner Author

@icerge icerge commented Feb 8, 2020

@sadmicrowave, here you go. See the Configuration section in the article. Note, the Project table doesn't have special row-level access, but only role-based access to all records in the table (unless you customized the access model). You can test in the OOTB configuration using a basic user without roles.

@idress00 idress00 commented Jul 29, 2020

Hi,
I used this sys_properties in 2018 and the French ServiceNow team told us that we should not use it.
The problem we had at that time was on the sys_report table: when we wanted to open it, it went into an infinite loop, which was caused by a native ACL on this table. They were not able to solve the problem and told us we should not use it, and also that it would cause some performance issues...