Hello,

I have learned that there are system properties glide.enforce_security_scope.<scope_name> which secure the HR data from accessing by non-HR users.

I have read Docs and KB article but I could not fully understand how it works.

Is there anyone who can tell me the details listed below?

- Where do those properties work? sys_attachment, question_answer, and???
- What is the condition for those properties to work. For example, the record on sys_attachment table have no application scope, and its parent record such as HR case does not have application scope. But it seems that glide.enforce_security_scope.sn_hr_core is working.

- Docs is saying that only Global scope ACL is excluded but KB is saying every ACL other that the specific scope is excluded. Which is correct?

- During security debug, it is not working on debug log. I mean even if the access is denied, the log shows Pass. Is this a bug?