Why is the client-side GlideRecord considered inefficient?

lauri457
Tera Sage

2 hours ago

Can someone clarify to me why the client side gr api is considered inefficient? Is there something I am overlooking? To me the api seems like a good alternative to having countless simple script includes for some highly specific purpose. I keep reading this claim everywhere so it got me curious and I ran through this extremely scientific empiric study on the topic.

 

I created a script include to get all incident numbers

var ClientGr = Class.create();
ClientGr.prototype = Object.extendsObject(AbstractAjaxProcessor, {

	query: function () {
		var _ = new GlideRecordSecure("incident"), __ = [];
		_.query();
		while (_.next()) {
			__.push(_.getDisplayValue())
		}
		return __.toString();
	},

	type: 'ClientGr'
});

Before calling my script include with glideajax from the console i flushed system cache with cache.do and impersonated joe employee.

var a = new window.gsft_main.GlideAjax("ClientGr");
a.addParam("sysparm_name",
"query");
a.getXMLAnswer((r) => console.log(r))

4 seconds. Although it does get faster on consecutive tries, I'm assuming because of caching acls and the query etc.

glideajax.png

Then I flushed cache again, impersonated ol' joe and tried with gliderecord

var g = new window.gsft_main.GlideRecord("incident")
g.setLimit(9999) //theres a default cap of 500, there are way less incidents on my pdi
g.setDisplayFields(["number"]) //only get number field
g.query((r) => {
    while (r.next()) {
        console.log(r)
    }
})

These both return the same result set of 16 incidents but gr is quite a bit faster (I am aware of the limited scope of my testing). 

gliderecord.png

If I try this with admin priviledges gr returns faster from the server but i'm guessing loses because of the payload size and how tcp works.

 

I did notice that the portal gliderecord does not have setDisplayFields but the whole gr is just a wrapper for glideajax using sysparm_processor="AJAXGlideRecord" so it can be used directly. 

 

The gr api even supports dotwalking with the setDisplayFields method. So what am i missing?

0 Helpfuls
  • 121 Views
2 REPLIES 2

Pavan Srivastav
ServiceNow Employee

2 hours ago

Really solid empirical approach — and your observations are actually correct in several ways. The "client-side GlideRecord is inefficient" claim is true but often poorly explained. Let me break down exactly what's happening and where the nuance lies.

Why the Claim Exists — The Real Reasons

1. No Field Restriction by Default (The Main Offender)

When most developers use client-side GlideRecord, they write it like this:

 
 
javascript
var g = new GlideRecord("incident");
g.query(function(r) {
    while (r.next()) {
        console.log(r.getValue("number"));
    }
});

With no setDisplayFields() or setFields(), ServiceNow returns the entire record — every field, every value — across the wire. For incident that can be 100+ fields per row. You noticed this yourself when testing as admin — the payload size kills performance even if the server query is fast.

Your version with setDisplayFields(["number"]) sidesteps this entirely. Most developers don't know or don't bother doing this, which is why the blanket warning exists.

2. No Server-Side Business Logic Control

With a Script Include (GlideAjax), you control exactly what runs server-side:

 
 
javascript
// Server controls the query, fields, filtering, limits — all opaque to client
var _ = new GlideRecordSecure("incident");
_.addEncodedQuery("active=true^priority=1");
_.setLimit(50);

With client-side GlideRecord, the client dictates the query to the server. This means:

  • Users can open DevTools and modify the query parameters before they're sent
  • There's no server-side validation of what's being requested
  • A curious user can change setLimit(50) to setLimit(9999) trivially

For non-sensitive data this is fine. For anything security-sensitive, it's a problem.

3. ACL Evaluation Overhead (What You Observed)

Your 4-second GlideAjax result on first run vs faster GlideRecord — this is likely because GlideRecordSecure in your Script Include evaluates field-level and row-level ACLs server-side for every record, every field. Client GlideRecord also does ACL checks but the payload restriction via setDisplayFields means fewer ACLs to evaluate.

The caching speedup you noticed on consecutive runs is exactly this — ACL decisions get cached per session.

4. The sysparm_processor=AJAXGlideRecord Detail You Caught

You're right that client GlideRecord is just a GlideAjax wrapper under the hood. This means it has the same round-trip cost as GlideAjax — the difference is just in what the server does with the request. There's no magic efficiency difference at the transport layer.

Where Your Approach Actually Holds Up

Your instinct about Script Includes is valid and the claim is overstated in these cases:

Situation Client GlideRecord Fine?
Fetching a small, known field set with setDisplayFields Yes
Non-sensitive data, no security concern Yes
Simple one-off lookups where a Script Include feels like overkill Yes
Large result sets with no field restriction No
Security-sensitive queries No
Complex server-side logic / joins / aggregates Script Include wins

The One Thing You May Be Overlooking

The setDisplayFields method is not documented officially for client-side GlideRecord and behaves differently across contexts (Service Portal vs platform UI). You noticed Portal GlideRecord doesn't have it — that inconsistency is a real maintenance risk. If a future ServiceNow release changes that undocumented behavior, your optimized client GlideRecord silently becomes the unoptimized version again, and you'd have no warning.

A Script Include is explicit and version-stable by comparison.

Bottom Line

The inefficiency claim is really about how most developers use client GlideRecord, not the API itself. Your disciplined use of setDisplayFields and setLimit produces a reasonable result. The legitimate reasons to still prefer Script Includes are security control, server-side logic complexity, and cross-context consistency — not raw performance when the client GlideRecord is used carefully.

Your empirical instinct was right to question the blanket claim.

0 Helpfuls

lauri457
Tera Sage
In response to Pavan Srivastav

22m ago

If I want an llm's response I'll ask one. I'd like to see better replies from sn employees. 

Take point 3 of your answer for example; if you can skip acl evaluation for all fields by just querying with the client gliderecord this is a massive pro. You can't at least to my knowledge query a single field in a server script in any manner, from a database view maybe. 

 

Or the table from point 4. and the row about security-sensitive queries. It would be quite a huge security flaw if the client-side gliderecord did not respect acls. You say it yourself, the client api is available to anyone because it is on the client.

0 Helpfuls