getRowCount() incorrect when using GlideRecordSecure()

Nikolay Megdano · ‎06-18-2020

Hi,

When we have some row level security ACLs on a table we can use GlideRecordSecure() to iterate over the rows on which the user has permissions without having to explicitly put if statement to check if gr.canRead() for every gr.next() in the loop. This is great but if we do a gr.getRowCount() it returns the count without subtracting the records which the user is not allowed to see. Here is one example for better understanding:

var table = "someTable";
/*lets say this table has 6 records. 4 records with field u_active=true 
and 2 records with field u_active=false */
/*create row level ACL which based on the user role will restrict this role 
to access only the records where u_active=true(in total this role should 
have access to 4 records)*/


var grs = new GlideRecordSecure(table);
grs.query();
console.log('GRS: ' + grs.getRowCount()); /* this will return 6 (which is wrong  
because the user doesn't have permissions to 2 of the records) */

var scnt = 0; //create manual counter to increase on grs.next()
while(grs.next()){
	scnt++;
}
console.log('GRS Manual Count: ' + scnt); /* this will return 4 which is correct 
because the iteration skips the records to which we don't have permissions */


//compare with GlideRecord
var gr = new GlideRecord(table); //this will return 6
gr.query();
console.log('GR: ' + gr.getRowCount());

var gcnt = 0;
while(gr.next()){
	gcnt++;
}
console.log('GR Manual Count: ' + gcnt); //this will return 6

So the question is how to get the correct row count when using the GlideRecordSecure. Iterating and calculating it manually like in the example above is not an option because we might have large data set and use pagination.

I was thinking also to use GlideAggregate somehow but couldn't think of a way.

Any help is appreciated. 🙂

Dhananjay Pawar · ‎06-19-2020

Hi,

This is two years old thread, have a look on this.

https://community.servicenow.com/community?id=community_question&sys_id=62dd3569dba0ab8ca39a0b55ca96...

Thanks,

Dhananjay.

Nikolay Megdano · ‎06-19-2020

Hi there,

Thanks for the hint but I've looked at this thread and it is unanswered.

What was suggested in one of the replies will help only to check if the user has access to the whole table but not check the row level ACLs.

Hren · ‎06-19-2020

Hi Nikolay,

This scenario is mentioned in the documentation for GlideRecordSecure:

and as couldn't see it in your code, please confirm that you have tried it in order to avoid it as possible answer:

Here is the link: https://docs.servicenow.com/bundle/jakarta-application-development/page/script/glide-server-apis/con...

"Non-writable fields" section.

Regards,

Vlad.

Jaspal Singh · ‎06-19-2020

Hi Nikolay,

Good point as even I tried looking after your question & found 2 links that helps.

Link 1 which talks about its use while Link 2 suggests to used it inside loop

In addition can you try below once in your code for a check by replacing the GlideRecordSecure part.

var grs = new GlideRecordSecure(table);
grs.query();
//console.log('GRS: ' + grs.getRowCount()); /* this will return 6 (which is wrong  
because the user doesn't have permissions to 2 of the records) */

//var scnt = 0; //create manual counter to increase on grs.next()
while(grs.next()){
console.log('GRS :' +grs.getRowCount()); //get count once inside the loop
	//scnt++;
}
//console.log('GRS Manual Count: ' + scnt);

Nikolay Megdano · ‎06-19-2020

Hi there,

Thanks for the information but unfortunately it doesn't help in the use case explained above. 😞 The proper total count can't be retrieved without iterating.