We've updated the ServiceNow Community Code of Conduct, adding guidelines around AI usage, professionalism, and content violations. Read more

How to stop editing read only fields from browser

Aju Sam
Tera Contributor

‎03-13-2023 02:56 AM

I have created a record producer and have set some fields to read only on field level from the table and to test my problem, I have made one field read-only(Email ID field) using UI policy. The problem is I am able to change the field from read-only to editable in the front end using inspect element, and on submission change is being shown in backend table. That means a user who is restricted to make change to certain fields can make the change using above method. How to prevent this?

AjuSam_0-1678701134904.png

AjuSam_1-1678701264952.pngAjuSam_2-1678701343114.png

I have removed readonly="readonly" from inspect element and editing it was possible.

 

0 Helpfuls
  • 1,613 Views
3 REPLIES 3

AnveshKumar M
Tera Sage

‎03-13-2023 05:28 AM

Hi @Aju Sam ,

The best way to prevent this is validating the submitted form in backend processing (record producer script). I follow this to prevent this kind of scenario.

 

Thanks,

Anvesh

Thanks,
Anvesh
0 Helpfuls

SatyakiBose
Mega Sage

‎03-13-2023 06:35 AM

Hi @Aju Sam 

Did you try making it read only using a client script, and then see how it works?

0 Helpfuls

Not applicable

‎03-13-2023 06:47 AM

Use Data policy insted. This will enforce it on DB level.