GlideRecordSecure considers set limit first and checks the ACLs next

Suchitha Challa
ServiceNow Employee

Hi everyone,

Does GlideRecordSecure apply ACLs only when we try to access the records? I was trying to get the top 5 records from a table that should have read access. However, when I added the set limit to the query, it retrieved the top 5 records, including the ones that failed the ACLs. It seems the ACLs are being applied only when we access the record. In the code snippet below, getRowCount is 5 after the query, but after adding the records to the array the length is 2, as the user has access to only those 2 of the 5 records. But the intention here was to show all 5 accessible records, where 5 is the recordSearchLimit.

const recordsGr = new GlideRecordSecure(table);
recordsGr.addEncodedQuery(filterCondition);
recordsGr.setLimit(this.recordSearchLimit);
recordsGr.query();
const dropdownOptions = [];
while (recordsGr.next()) {
    dropdownOptions.push({
        id: recordsGr.getUniqueValue(),
    });
}

Thanks,

Suchitha.

1 ACCEPTED SOLUTION

If the main issue is to stop processing records after some limit is reached, you can do a workaround with a counter variable that stops the processing after a given number of records have been added to the array.

And yes, retrieving all records is of course slower than retrieving a small number of records, so it will affect performance in a way, but all this is happening in the backend, so the impact to the user is not so big.

6 REPLIES

Did some additional testing, since I haven't played with GlideRecordSecure that much.
And I can confirm your finding. The setLimit method does run before the ACL is evaluated.
So first it retrieves a set number of records, then when processing each one of them, the ACLs are evaluated, and it returns results according to which records can actually be read.

This does not happen if you don't use setLimit. If, for example, you only use an addEncodedQuery, it will automatically return a result which contains only those records that can be read according to ACLs.

Might be something to improve in the product, as I would have expected it to work the same way with setLimit.

Suchitha Challa
ServiceNow Employee

Thank you for confirming. As a workaround, I'll use a counter or the canRead() method on GlideRecordSecure to ensure that only records that can be read according to ACLs are processed. This approach should help mitigate the issue with the setLimit method for now.
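
The counter workaround from the accepted solution and the reply above, next to the original limit-in-query pattern, as an added example that is not part of the original thread. `FakeSecureRecord`, `SAMPLE_ROWS`, `limitThenFilter` and `filterThenLimit` are hypothetical names, and the stand-in class only models the behaviour reported here (limit applied at query time, unreadable rows skipped in `next()`) so the sketch runs outside an instance.

```javascript
// Constructed stand-in for GlideRecordSecure (not the platform class). It models
// only what this thread reports: setLimit() trims the result set at query time,
// and rows that fail the read ACL are skipped later, inside next().
class FakeSecureRecord {
  constructor(rows) { this.rows = rows; this.limit = Infinity; this.pos = -1; }
  setLimit(n) { this.limit = n; }
  query() { this.result = this.rows.slice(0, this.limit); this.pos = -1; }
  next() {
    while (++this.pos < this.result.length) {
      if (this.result[this.pos].readable) return true; // ACL evaluated per row
    }
    return false;
  }
  getUniqueValue() { return this.result[this.pos].sys_id; }
}

// Constructed sample data: 12 rows, only 2 of the first 5 are readable.
const SAMPLE_ROWS = Array.from({ length: 12 }, (_, i) => ({
  sys_id: 'r' + i,
  readable: [1, 3, 6, 7, 9, 10].includes(i),
}));

// Pattern from the question: limit applied in the query, ACLs afterwards.
function limitThenFilter(gr, limit) {
  gr.setLimit(limit);
  gr.query();
  const options = [];
  while (gr.next()) options.push({ id: gr.getUniqueValue() });
  return options;
}

// Counter workaround: no setLimit(); stop once `limit` readable rows are collected.
function filterThenLimit(gr, limit) {
  gr.query();
  const options = [];
  while (options.length < limit && gr.next()) options.push({ id: gr.getUniqueValue() });
  return options;
}

console.log(limitThenFilter(new FakeSecureRecord(SAMPLE_ROWS), 5).length);
console.log(filterThenLimit(new FakeSecureRecord(SAMPLE_ROWS), 5).map(o => o.id));
```

Both functions call only `setLimit()`, `query()`, `next()` and `getUniqueValue()`, the same methods used in the snippet from the question. The early exit on the counter stops iteration as soon as enough readable rows are collected, which bounds the extra work of dropping the query limit.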