How to implement an ACL in order to secure client callable scripts?

runnah · ‎05-27-2016

Hello,

I am currently working on deploying a custom application to the ServiceNow store. I found that we have a script included in the application that is client callable. Based on section 7 Using Access Control Rules - ServiceNow Wiki on this link, I must secure access to this script. However, I cannot find any useful documentation on how to perform this task.

What are the actions needed to take in order to restrict access to this script or is there a different fix to correct this issue?

Thank you for your time,

-Runna

Pradeep Sharma · ‎05-27-2016

Hi Runna,

You have to create a ACL against type "client_callable_script_include" and operation is "execute" against name of the script include. Attached screenshot for reference. Once done secure it via role.

View solution in original post

Chuck Tomasi · ‎05-27-2016

Hi Runna,

In your ACL choose type: client_callable_script_include

The operation field will become read-only with a value of execute. You then specify by role, condition, or script, who has access to execute that script include, just like other ACLs in the system.

http://wiki.servicenow.com/index.php?title=Using_Access_Control_Rules

runnah · ‎05-27-2016

Chuck,

Thank you for your prompt response! I have configured an ACL with type client_callable_script_include, but is this the only thing I need to configure to successfully make the script secure?

Thanks,

-Runna

Chuck Tomasi · ‎05-27-2016

Yeah, that's it.

Pradeep Sharma · ‎05-27-2016

Hi Runna,

You have to create a ACL against type "client_callable_script_include" and operation is "execute" against name of the script include. Attached screenshot for reference. Once done secure it via role.