
Last active November 17, 2021 16:58
Security: ACLs, Query Business Rules

Number of rows removed due to security constraint

Users get this message in a list of records whenever the list contains a record they don't have rights to view, i.e. there is an ACL restricting access to the record or there is NO ACL granting access. Let's ignore the security mode setting here.

It's the default system behavior.

Would you like to get rid of it, so that the system counts only the records the user has access to?

Solution 1

Replicate the row-level read access ACLs in query business rules. Naturally, every query is then controlled. This is the well-known and suggested solution.
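
Solution 1 as an added example (not code from the original gist): a before-query business rule body that mirrors a row-level read ACL, run against a simplified model of a list to show where the "rows removed" count comes from. The ACL itself (read allowed for `admin` or for the record's `assigned_to`), the sample rows, and the `FakeQuery` / `fakeGs` stand-ins for `current` and `gs` are assumptions constructed so the script runs outside an instance.

```javascript
// Body of a "before query" business rule (Solution 1). On a real instance,
// `current` is the GlideRecord being queried and `gs` is GlideSystem.
// Assumed ACL being mirrored: read is allowed for role admin, or when
// assigned_to is the current user.
function beforeQueryRule(current, gs) {
  if (gs.hasRole('admin')) return;                 // same bypass as the ACL
  current.addQuery('assigned_to', gs.getUserID()); // same row condition as the ACL
}

// --- Constructed stand-ins so the example runs outside ServiceNow ---
const ROWS = [                                     // constructed sample data
  { number: 'TASK001', assigned_to: 'u1' },
  { number: 'TASK002', assigned_to: 'u2' },
  { number: 'TASK003', assigned_to: 'u1' },
  { number: 'TASK004', assigned_to: 'u3' },
];

class FakeQuery {                                  // minimal model of a GlideRecord query
  constructor() { this.conditions = []; }
  addQuery(field, value) { this.conditions.push([field, value]); }
  run() {
    return ROWS.filter(r => this.conditions.every(([f, v]) => r[f] === v));
  }
}

const fakeGs = (userId, roles) => ({
  getUserID: () => userId,
  hasRole: role => roles.includes(role),
});

// Simplified model of the read ACL: checked per row, after the query ran.
const aclCanRead = (row, gs) =>
  gs.hasRole('admin') || row.assigned_to === gs.getUserID();

// What a list ends up with: rows fetched, rows visible, rows removed by ACL.
function listView(gs, useQueryRule) {
  const q = new FakeQuery();
  if (useQueryRule) beforeQueryRule(q, gs);
  const fetched = q.run();
  const visible = fetched.filter(r => aclCanRead(r, gs));
  return { fetched: fetched.length, visible: visible.length,
           removed: fetched.length - visible.length };
}

console.log('ACL only:        ', listView(fakeGs('u1', []), false));
console.log('ACL + query rule:', listView(fakeGs('u1', []), true));
```

The query rule only hides the message while its condition stays in step with the ACL; if the two drift apart, rows are removed after the query again and the count reappears.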

Solution 2

Still rely on ACLs. Use a system property to apply them globally, or a table attribute to apply them locally:

  • - system property (true|false).
  • - dictionary attribute (table), no value is required.

Server-side queries may not respect ACLs: GlideRecord doesn't enforce them, although developers may enforce them through its dedicated methods for checking access to records and fields. GlideRecordSecure is a secured version of the class.

Note that the setting is respected by native UI lists and Service Portal (Data Table widgets), and it is NOT respected by the simple-list widget. Keep an eye on it.

Oops! Do you know what the problem with it is? It's not documented.


Follow these steps to set up the security UI filter for a table:

  1. From table list or form navigate to Configure > Dictionary
  2. Open table record (Collection type)
  3. Switch to advanced view to get Attributes field available
  4. Fill in attribute


Helsinki Patch 5 Changes. List widget did not honor system property or Dictionary attribute for table to force use of FilteredGlideRecord in lists

Widget from Service Portal - Core package: widget-data-table.


Could you please describe the process to add the to a table as a Dictionary Attribute on the pm_project table for example? Thanks.


icerge commented Feb 8, 2020

@sadmicrowave, here you go. See the section Configuration in the article. Note, Project table doesn't have special row-level access, but only role based access to all records in the table (unless you customized access model). You can test in OOTB configuration using a basic user without roles.


I used this sys_properties entry in 2018 and the French ServiceNow team told us that we should not use it.
The problem we had at that time was on the sys_report table: when we tried to open it, it went into an infinite loop, which was caused by a native ACL on this table. They were not able to solve the problem and told us we should not use it, and also that it will cause some performance issues...
