GlideAjax access script include GlideRecord record user does not have permission

Joao Carlos1
Tera Guru

Hi guys,

 

Pretend this scenario:

Catalog client script calls a script include through GlideAjax and sends an incident number as a parameter.

Then the script include queries the incident table through GlideRecord and checks if the record exists. It returns true or false.

So far so good, but...

What if the user that uses the client script has no permissions to query on incident table? Is there any way I could execute the function with more permissions?

If there is no way I will just create a server side business rule, but the user experience will not be the same.

Any help is appreciated!

Thanks in advance.

 

 

1 ACCEPTED SOLUTION

Apologies, the way the question was written I thought it was the opposite.

 

Having a user with no roles read the incident table will be a violation of your licensing agreement with ServiceNow. The platform default is that a user requires the itil or the sn_incident_read role to view records in that table. This is controlled by a Before Query Business Rule on the Incident table and by ACLs. Technically, nothing is stopping you from modifying these but I would highly advise against it. If ServiceNow discovers you trying to skirt the licensing agreement by allowing unrolled users to access licensed tables, there may be repercussions.

 


4 REPLIES 4

Ethan Davies
Mega Sage

If you only want to return the records the User should be able to see, use GlideRecordSecure in your Script Include. It will respect ACLs.

 

You can also enable the glide.script.secure.ajaxgliderecord System Property; this will ensure that GlideAjax calls across the instance respect the ACLs of the user session.

 

https://docs.servicenow.com/bundle/vancouver-platform-security/page/administer/security/reference/en...
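
The existence check from the question written against GlideRecordSecure, as an added example that is not part of any post in this thread. The function name `incidentExists`, the `INC` plus digits format check, and the `FakeSecureRecord` stand-in (constructed so the logic also runs outside an instance) are assumptions; on an instance the client-callable Script Include method would pass `GlideRecordSecure` as the second argument.

```javascript
// Core of the Script Include method. `Record` is the record class to use:
// pass GlideRecordSecure on an instance so the caller's ACLs are enforced.
function incidentExists(number, Record) {
  // Assumed default numbering (INC + digits); reject anything else up front.
  if (typeof number !== 'string' || !/^INC\d{7,}$/.test(number)) {
    return false;
  }
  var gr = new Record('incident');
  gr.addQuery('number', number);
  gr.setLimit(1);
  gr.query();
  // Rows the session cannot read are not returned, so "no permission"
  // and "no such record" both come back as false to the client.
  return gr.next();
}

// Constructed stand-in for offline runs. It implements only the calls used
// above and hides rows whose required role the caller does not hold.
function makeFakeSecureRecord(rows, callerRoles) {
  return function FakeSecureRecord(table) {
    var filters = {}, results = null, limit = Infinity;
    this.addQuery = function (field, value) { filters[field] = value; };
    this.setLimit = function (n) { limit = n; };
    this.query = function () {
      results = rows.filter(function (row) {
        var match = Object.keys(filters).every(function (f) {
          return row[f] === filters[f];
        });
        return row.table === table && match &&
          callerRoles.indexOf(row.requiredRole) !== -1;
      }).slice(0, limit);
    };
    this.next = function () {
      return results !== null && results.shift() !== undefined;
    };
  };
}

// Constructed sample data: one incident readable only with the itil role.
var ROWS = [{ table: 'incident', number: 'INC0010001', requiredRole: 'itil' }];
var asItil = makeFakeSecureRecord(ROWS, ['itil']);
var asNoRole = makeFakeSecureRecord(ROWS, []);
```

Because a caller without read access gets the same `false` as for a missing record, the endpoint does not reveal which incident numbers exist to users who cannot read them.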

Hello Ethan,

 

Thank you for your answer but it does not solve my problem.

 

I need the opposite. I need the user with no roles to be able to query the incident table in the script include.


 

Thanks Ethan, I was not seeing it from that side. Thanks again for your quick help!