GlideRecordSecure considers set limit first and checks the ACLs next

Go to solution
Suchitha Challa
ServiceNow Employee
ServiceNow Employee

‎07-11-2024 11:07 PM

Hi everyone,

Does GlideRecordSecure apply ACLs only when we try to access the records? I was trying to get the top 5 records from a table that should have read access. However, when I added the set limit to the query, it retrieved the top 5 records that included the ones which failed the ACLs as well. It seems the ACLs are being applied only when we access the record. In the below code snippet after the query the getRowCount is 5 but after adding the records to the array the length is 2 as the user have access to only those 2 among the 5 records. But the intention here was to show all the 5 accessible records where 5 is the recordsearchlimit.

 

const recordsGr = new GlideRecordSecure(table);
recordsGr.addEncodedQuery(filterCondition);
recordsGr.setLimit(this.recordSearchLimit);
recordsGr.query();
const dropdownOptions = [];
while (recordsGr.next()) {
dropdownOptions.push({
id: recordsGr.getUniqueValue(),
});
}
 

Thanks,

Suchitha.

0 Helpfuls
  • 729 Views
1 ACCEPTED SOLUTION

Go to solution
OlaN
Giga Sage
Giga Sage
In response to Suchitha Challa

‎07-12-2024 12:10 AM

If the main issue is to stop processing records after some limit is set, you do a workaround with a counter variable, that stops the processing after a given number of records have been added to the array.

 

And yes, retrieving all records is of course slower than retrieving a small number of records, so it will affect performance in a way, but all this is happening in the backend, so the impact to the user is not so big.

View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
OlaN
Giga Sage
Giga Sage

‎07-11-2024 11:51 PM - edited ‎07-11-2024 11:53 PM

Hi,

This kind of makes sense, the ACL is evaluated when you are performing an action (such as trying to read the record).

You can easily work around this by adding an extra check, like below:

 

if (yourGlideRecordObject.canRead()){
// perform logic here
}

 

 before adding the items to the array.

Then you will only get records available as per ACL permissions.

0 Helpfuls

Go to solution
Suchitha Challa
ServiceNow Employee
ServiceNow Employee

‎07-12-2024 12:00 AM

Thanks for the quick response. But how do we accommodate set limit in that case. If I remove set limit and get all records later check for canRead would't that impact the preformance?

 

0 Helpfuls

Go to solution
OlaN
Giga Sage
Giga Sage
In response to Suchitha Challa

‎07-12-2024 12:10 AM

If the main issue is to stop processing records after some limit is set, you do a workaround with a counter variable, that stops the processing after a given number of records have been added to the array.

 

And yes, retrieving all records is of course slower than retrieving a small number of records, so it will affect performance in a way, but all this is happening in the backend, so the impact to the user is not so big.

0 Helpfuls

Go to solution
Suchitha Challa
ServiceNow Employee
ServiceNow Employee
In response to OlaN

‎07-12-2024 12:41 AM

Thank you!

0 Helpfuls