Impact of adding a property

Go to solution
Pranavi13
Tera Contributor

‎07-01-2024 09:34 AM

Hello,

We have a requirement where we need to hide a few error messages that are appearing when an incident is opened by user (occurring after latest hot fix) 

error messages.png

 

 

As per the suppport article, a property that hides query error messages is to be added.

Property is -> glide.db.encoded_query.field_acl_error_msg  (value set to false)
I just wanted to check the impact of adding this property ? It applies globally so will it cause an issue? Will it hide error messages that are supposed to be shown too? I couldn't find relevant documentation.. Please help!

0 Helpfuls
  • 1,212 Views
1 ACCEPTED SOLUTION

Go to solution
Sid_Takali
Kilo Patron
Kilo Patron

‎07-01-2024 11:54 AM

Hi @Pranavi13 

Disabling the "glide.db.encoded query.field acl_error_msg" system property in ServiceNow can have significant implications for how the instance handles access control errors when running encoded queries. This property controls whether detailed error messages are shown to users when they attempt to execute queries that violate field-level access control (ACL) rules. Here’s a detailed explanation of the property and the potential impacts of disabling it.

 

Potential Impacts of Disabling the Property

 

  • Generic Error Messages: Users will see a generic error message when their queries violate field-level ACLs, which can make it harder for them to understand why their query failed.
  • Increased Support Requests: Users may need to contact support or administrators more frequently to diagnose and resolve query issues, as they won’t have detailed information about the ACL violations.
  • Improved Security: Disabling the property can enhance security by preventing potential attackers from gaining insights into the system’s ACL configuration. Detailed error messages can sometimes reveal sensitive information about the system’s structure and permissions.
  • Reduced Information Leakage: Generic error messages reduce the risk of information leakage by not disclosing specific field names or reasons for access denial.

Regards,

Sid

 

 

 

View solution in original post

3 REPLIES 3

Go to solution
Sid_Takali
Kilo Patron
Kilo Patron

‎07-01-2024 11:54 AM

Hi @Pranavi13 

Disabling the "glide.db.encoded query.field acl_error_msg" system property in ServiceNow can have significant implications for how the instance handles access control errors when running encoded queries. This property controls whether detailed error messages are shown to users when they attempt to execute queries that violate field-level access control (ACL) rules. Here’s a detailed explanation of the property and the potential impacts of disabling it.

 

Potential Impacts of Disabling the Property

 

  • Generic Error Messages: Users will see a generic error message when their queries violate field-level ACLs, which can make it harder for them to understand why their query failed.
  • Increased Support Requests: Users may need to contact support or administrators more frequently to diagnose and resolve query issues, as they won’t have detailed information about the ACL violations.
  • Improved Security: Disabling the property can enhance security by preventing potential attackers from gaining insights into the system’s ACL configuration. Detailed error messages can sometimes reveal sensitive information about the system’s structure and permissions.
  • Reduced Information Leakage: Generic error messages reduce the risk of information leakage by not disclosing specific field names or reasons for access denial.

Regards,

Sid

 

 

 

Go to solution
Pranavi13
Tera Contributor
In response to Sid_Takali

‎07-02-2024 12:13 AM

Hi @Sid_Takali ,

Thanks for the response. I just wanted to check with you if you can provide any example where you think these ACL query error messages are required for the user.. I see they are related to some underlying queries but will these errors be still required by user or can they be hidden? If they are really required messages, any example please?

0 Helpfuls

Go to solution
Sid_Takali
Kilo Patron
Kilo Patron
In response to Pranavi13

‎07-02-2024 01:17 AM

Hi @Pranavi13 

To test the new error message, try accessing a field that you do not have permission to view using an encoded query. You should see the custom error message you set in the system property. 

 

Example

If a user attempts to access a restricted field via an encoded query, ServiceNow will check the field ACLs (Access Control Lists) and, if the user does not have permission, the system will display the message specified in the "glide.db.encoded query.field acl_error_msg" property.

 

Regards,

Sid