Block scripted changes to a record
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-20-2025 12:40 PM
Hi!
I have a requirement to block scripted changes to records that match a certain criteria. That is, i want to be able to block administrators from changing the record using, for example, a background script. There are ACL:s in place that only allow elevated users to change the record but GlideRecord queries bypass them.
The requirement is to only allow admin users with elevated access to change the records from a form or from a list. All the other records in the table should function as normal.
Is there any way to achieve this?
Regards
Ola
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-20-2025 01:01 PM
Hi oliolio,
That’s an interesting requirement. Unfortunately, it may be difficult to fully enforce, since users with the admin role can typically override or disable most restrictions.
While the admin role cannot be marked as an elevated privilege role in the same way as security_admin (see: Elevated privilege roles), you can require users with the admin role to manually elevate after login. See: Force administrators to manually elevate.
If you're looking to limit what admins can do, consider alternatives like:
Scoped Applications with role-based access
Logging and alerting for high-privilege actions
Using security_admin for sensitive configuration access and managing it more strictly
If this helps, feel free to give it a helpful vote. And if it solved your issue, please mark it as the accepted solution.
Thanks,
Daniel Madsen
