Enabled High security plugin-in, getting security constraint error for different users

Sandhya Karutu1 · ‎12-29-2015

Hi Team,

we have enabled hi-security plug-in in our instance and found few of the existing users are getting Security constraints error on some of the tables which were working fine earlier. Upon setting the high security plugin property glide.sm.default_mode to allow these issues are resolved for most of the users. However, as part of security best practices we need to ensure the property glide.sm.default_mode is set to deny so that the plug-in is effective as it is meant to be.

In such scenario what can be done as an alternate approach. Adding read ACL on the table for each of the user is not a best approach that i would think of?

Thanks,

Brad Tilton · ‎12-29-2015

Hi Sandhya,

Enabling the high security plugin on an instance where it is not yet enabled is usually a significant effort. In my experience the best practice is to enable it in a sub-prod instance then do extensive testing. When shifting from default allow to default deny there will be many ACLs that need to be added and modified. You will probably have to at least add read ACLs for each of the tables that don't have them and may also have to add write ACLs as well.

Sandhya Karutu1 · ‎12-30-2015

we have enabled high security plug-in for right answers. we do not want to add more ACLs so we set the property glide.sm.default_mode to allow. what would be the impact if we set it to allow for right answers

pratulagarwal · ‎12-30-2015

Regards

Pratul