Skip to content

Instantly share code, notes, and snippets.

@icerge

icerge/number_of_rows_removed.md

Last active November 17, 2021 16:58
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save icerge/ad7d7197c2ad1990c416d1383bbb4ffe to your computer and use it in GitHub Desktop.
Save icerge/ad7d7197c2ad1990c416d1383bbb4ffe to your computer and use it in GitHub Desktop.
Download ZIP
Security: ACLs, Query Business Rules
Raw
number_of_rows_removed.md

Number of rows removed due to security constraint

User gets this message in a list of records whenever there is a record user doesn't have rights to view. I.e. there is an ACL restricting access to a record or there in NO ACL granting the access. Let's ignore security mode setting here.

It's a default system beharior.

Would you like to get rid of it? System to count with records user has access to?

Solution 1

Replicate row level read access ACLs to query business rules. Naturally, every query will get controlled. Well-known and suggested solution.

Solution 2

Still rely on ACLs. Use system property to apply them globally or table attribute to specify it locally:

  • glide.security.ui.filter - system property (true|false).
  • glide.security.ui.filter - dictionary attribute (table), no value is required.

Server-side queries may not respect ACLs. GlideRecord doesn't do it. Although, developers may enforce it by dedicated methods to access to record and fields. GlideRecordSecure is a secured version of the class.

Note, it is respected by native UI lists and Service Portal (Data Table widgets), and it is NOT respected by simple-list widget. Keep an eye on it.

UPS! do you know what's the problem with it? It's not documented.

Configuration

Follow the step to set up security UI filter for a table:

  1. From table list or form navigate to Configure > Dictionary
  2. Open table record (Collection type)
  3. Switch to advanced view to get Attributes field available
  4. Fill in glide.security.ui.filter attribute

Credits

Helsinki Patch 5 Changes. List widget did not honor glide.security.ui.filter system property or Dictionary attribute for table to force use of FilteredGlideRecord in lists

Widget from Service Portal - Core package: widget-data-table.

@idress00
Copy link

Hi
I use this sys_properties in 2018 and the French team of servicenow told us that we should not use it.
The problem that we have got at that time it's on the table sys_report when we want to go on it it have done an infinity loop wich is cause by an native acl on this table, they were not able to solved the problem and told us we should not use it and also it will do some performance issue...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment