GlideRecord addUserQuery, how is it different from query()?

thomaskennedy · 2 hours ago

The Zurich release notes list addUserQuery() as being added to global GlideRecord, and the description on this method is

GlideRecord - addUserQuery(String name, Object operator, Object value)
Provides the ability to enforce an ACL check on a provided query string.

The attached code sample looks at sys_user, which makes sense if we are querying user data, but I am not sure how this is different from just calling query().

var rec = new GlideRecord('sys_user');
rec.addUserQuery("first_name", "=", "Fred");
rec.query();
while (rec.next()) {
  gs.info('Active user ' + rec.getValue('last_name'));
}

Kieran Anson · an hour ago

Hi,

addUserQuery enforces an ACL check to ensure the current user has query_range or query_match on the attributes provided. It's a way to allow a GlideRecord query (no ACL checks) to have a restriction applied, preventing a user from querying data they might not otherwise have access to.

This is useful in UIB components, or even in portal widgets where a query builder condition might be produced, but needs sanitising to ensure a user can't work around access controls