ACLs alone not enough to enforce security model
3 weeks ago
Give an example of a situation where ACLs alone were not enough to enforce the security model needed. How did you extend or supplement the controls?
3 weeks ago
Hello @CarrieH,
When you are updating/creating records using a background script with GlideRecord, ACLs won't work. If you have to perform the operation with ACLs taken into account, you just need to use GlideRecordSecure.
Sometimes you also need to use a query BR along with ACLs, as mentioned by other members.
Some OOTB configurations/table access/sys properties (which ServiceNow doesn't want to be manipulated by a user/script) are also secured by ServiceNow using protection policy.
If this helps you then mark it as helpful and accept as solution.
Regards,
Aditya
3 weeks ago
Hi @CarrieH,
I have seen cases where clients request to hide the message that appears in the list view stating “Number of rows removed from this list by security constraints.” In such scenarios, we have used Query Business Rules to filter the list results. By applying the filtering at the query level, users only retrieve the records they are allowed to see, which prevents the security constraint message triggered by ACLs from appearing in the list view and supplements the ACLs.
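The two behaviours described in the replies above (plain GlideRecord scripts bypassing ACLs, and query-level filtering avoiding the "rows removed" message), modelled in plain JavaScript as an added example; this is not ServiceNow code and not from any poster. `listIncidents`, `readAcl`, `queryRule` and the sample rows are hypothetical and constructed for illustration.

```javascript
// Constructed sample table (not real ServiceNow data).
const incidents = [
  { number: 'INC001', company: 'acme' },
  { number: 'INC002', company: 'globex' },
  { number: 'INC003', company: 'acme' },
  { number: 'INC004', company: 'globex' },
  { number: 'INC005', company: 'acme' },
  { number: 'INC006', company: 'globex' },
  { number: 'INC007', company: 'acme' },
  { number: 'INC008', company: 'acme' },
];

// Stand-in for a read ACL: checked per row, after the query has returned.
const readAcl = (user, row) => row.company === user.company;

// Stand-in for a before-query business rule: a condition added to the query.
const queryRule = (user) => (row) => row.company === user.company;

// enforceAcl: true models a list view or GlideRecordSecure,
//             false models a plain GlideRecord script (no ACL evaluation).
// useQueryRule: whether the query-level filter is in place.
function listIncidents(user, { pageSize, enforceAcl, useQueryRule }) {
  const condition = useQueryRule ? queryRule(user) : () => true;
  // 1. The "database" returns one page of rows matching the query.
  const fetched = incidents.filter(condition).slice(0, pageSize);
  // 2. ACLs, when enforced, drop rows from what was already fetched.
  const visible = enforceAcl ? fetched.filter((r) => readAcl(user, r)) : fetched;
  return {
    rows: visible.map((r) => r.number),
    removedBySecurity: fetched.length - visible.length,
  };
}

const user = { name: 'abel', company: 'acme' };

// ACL only: short page plus a non-zero "removed by security constraints" count.
const aclOnly = listIncidents(user, { pageSize: 4, enforceAcl: true, useQueryRule: false });

// ACL plus query rule: full page, nothing left for the ACL to remove.
const aclAndRule = listIncidents(user, { pageSize: 4, enforceAcl: true, useQueryRule: true });

// Plain script access without ACL enforcement: other companies' rows come back.
const scriptNoAcl = listIncidents(user, { pageSize: 4, enforceAcl: false, useQueryRule: false });

console.log({ aclOnly, aclAndRule, scriptNoAcl });
```

In the model the ACL stays enabled in the second case: the query rule only narrows what is fetched, and the ACL remains the access check.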
