Hi guys I hope some can Help! What Im actully trying to do is by using a Rest post call upload an attachment, but I am having problems if the user is not admin, I get this
I tried what the wiki says modifying 3 properties in order to allow the role that you want to upload attachments by web services, but it didnt work! first there I found properties quite different regarding the ones in the wiki, and still didnt work! I found that if I set this property to "allow access" it works
but I think this could affect other areas that I dont want to, so any ideas?? thank you very much!
Hi Jose,
The wiki article which describes the property you changed to "allow access" I mention below.
As you may already know, it is generally a bad idea to change glide.sm.default_mode to "allow access".
I thought I would mention this anyway, however 😉
Best Regards
Tony
High Security Settings - ServiceNow Wiki
Default Deny Property
Activating the High Security plugin creates the glide.sm.default_mode security property, which controls the security manager default behavior when the only matching ACL rules are the wildcard table ACL rules. The High Security application also includes a set of wildcard table ACL rules for the most common record-based operations: read, write, create, and delete as well as a significant number of ACLs to provide role-based access to system tables. For example, there are ACLs that grant sys_script access to the business_rule_admin role because that role is documented as being able to manage business rules.
The choices for the glide.sm.default_mode property are:
- Deny Access: The wildcard table ACL rules restrict the read, write, create, and delete operations on all tables unless the user has the admin role or meets the requirements of another table ACL rule. Other operations, such as report_on and personalize_choices, are unaffected by this setting.
| Note: By default, the wildcard table ACL rules are the only ACL rules that check for the value of the glide.sm.default_mode property. If you want to control other operations with this setting, create your own ACL rules to check for this property value. See Using Access Control Rules. |
When an instance is upgraded while running the High Security plugin, the glide.sm.default_mode property is set to Allow Access and can be changed to Deny Access.
When the High Security plugin is activated on a new instance, the glide.sm.default_mode property is set to Deny Access.
To change the property:
- Navigate to System Properties > Security.
- Select Deny Access or Allow Access for the Security manager default behavior.
- Allow Access: The wildcard table ACL rules allow the read, write, create, and delete operations on all tables unless there are specific table ACL rules in place to restrict such operations.
