ACLs / Security rules should not have GlideRecord/GlideAggregate in script

Swarnalathay
Tera Contributor

‎02-17-2025 12:38 AM

Hi,
I want to avoid database lookups in Access Control rules. Please check the below script. Can we update the code differently (without GlideRecord queries)?


  answer = false;
  var appr = new GlideRecord("sysapproval_approver");
  appr.addEncodedQuery("sysapproval=" + current.sys_id + "^");
  appr.query();
  while (appr.next()) {
    if (appr.approver == gs.user_id()) {
       answer = true;
    }
  }
0 Helpfuls
  • 571 Views
6 REPLIES 6

Pooja58
Kilo Sage

‎02-17-2025 09:13 AM

HI @Swarnalathay ,


Create a server-callable Script Include and move the logic you've written in the ACL script to this Script Include. Then, call the Script Include in the ACL. This approach will help avoid performance concerns and enable you to achieve your requirement without the need for database lookups in the ACL.

This is the best practice as suggested by ServiceNow.

Please mark my answer as correct/helpful if it solves your query.

Best Regards,

Pooja

0 Helpfuls

Kieran Anson
Kilo Patron
In response to Pooja58

‎02-17-2025 09:22 AM

Hi Pooja,

That isn't correct. Although moving the logic to a script include will help in centralising the script, the same performance concerns are present and a database lookup is needed