How to make a GlideRecord read only?

Go to solution
Daniel Oderbolz
Kilo Sage

‎11-08-2018 11:53 PM

Hi

I have a situation where I pass a GlideRecord to a cutomer-defined function to perform some check.
In order to avoid the customer to mess with the GlideRecord (intentionally or uninitentionally), I would like to make the GlideRecord read-only before passing it to the function.

Is this possible?

Many thanks for your insights!

Cheers
Daniel


If this answer was helpful, I would appreciate if you marked it as such - thanks!

Best
Daniel
Labels:
0 Helpfuls
  • 1,782 Views
1 ACCEPTED SOLUTION

Go to solution
Ahmmed Ali
Mega Sage
In response to Daniel Oderbolz

‎11-09-2018 07:29 AM

Hello Daniel,

 

I am not inclined towards implementation of this use case. if customer wants any data, then I would have passed the JSON or any other objects with data. Surely will not pass GlideRecord object and then worry about update on the database.

but if you are up with the requirement implementation, then below are my suggestions.

 

I don't think we can make GlideRecord Object read only. If you are passing GlideRecord object of particular table, you can have a before insert/update BR on the table to identify if update is from that script and then abort the action. here you need to find a way to identify the if he action is from those script.

 

another way to ensure no database actions on the GlideRecord (for any table) would be to set the abort action to true and then pass the object.

setAbortAction(true);

 

i.e before passing the GlideRecord object, use gr.setAbortAction(true); so that even if gr.update() executed from another end, it will not update the records in database. 

 

Note: but if another end before gr.update(), if they use serAbortAction(false) then they can update the database record. but it is TRUST that they should not be update intentionally with this kind.

 

Thanks,

ALi

If I could help you with your Query then, please hit the Thumb Icon and mark my answer as Correct!!

Thank you,
Ali

View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
Ahmmed Ali
Mega Sage

‎11-09-2018 12:04 AM

I don't thing we can make GlideRecord readonly.

Where exactly you are passing the GlideRecord object ?

more details would be helpful to suggest an alternate solution.

 

Thanks,

Ali

If I could help you with your Query then, please hit the Thumb Icon and mark my answer as Correct!!

Thank you,
Ali
0 Helpfuls

Go to solution
Community Alums
Not applicable

‎11-09-2018 02:41 AM

Hi Daniel,

yes this is possible and even better there is OOB GlideRecordSecure that is same as GlideRecord but with the defined ACLs. Check this link for more info :

https://docs.servicenow.com/bundle/jakarta-application-development/page/script/glide-server-apis/concept/c_UsingGlideRecordSecure.html

 

Cheers,

 

Joro

0 Helpfuls

Go to solution
Daniel Oderbolz
Kilo Sage
In response to Community Alums

‎11-09-2018 03:00 AM

Dear Ahmmed
Dear Joro

Thanks for your suggestions!
Unfortunately, GlideRecordSecure is not what I am looking for. One of the issues is this:

"Be aware that, when using GlideRecordSecure, non-writable fields are set to NULL when trying to write to the database. By default, canCreate() on the column is replaced with canWrite() on the column. If that returns false, the column value is set to NULL."

Which means that the very thing I want to avoid (a function being able to modify a value in the Database) is not prevented - even worse, the values are set to NULL.

Let me describe my Use Case better:

Assume you have a table with a field that contains a Javascript function. This function takes a GlideRecord as Input. Because I will not write these functions, I want to avoid sice effects, especially to the GlidRecord.

So ideally,there would be a GlideRecordReadOnly, which only implements methods to query it but not to update it (independent of ACLs). THis would allwo me to pass this immutable object safely to the function unkown to me.

Thanks a lot & Best
Daniel

 


If this answer was helpful, I would appreciate if you marked it as such - thanks!

Best
Daniel
0 Helpfuls

Go to solution
Ahmmed Ali
Mega Sage
In response to Daniel Oderbolz

‎11-09-2018 07:29 AM

Hello Daniel,

 

I am not inclined towards implementation of this use case. if customer wants any data, then I would have passed the JSON or any other objects with data. Surely will not pass GlideRecord object and then worry about update on the database.

but if you are up with the requirement implementation, then below are my suggestions.

 

I don't think we can make GlideRecord Object read only. If you are passing GlideRecord object of particular table, you can have a before insert/update BR on the table to identify if update is from that script and then abort the action. here you need to find a way to identify the if he action is from those script.

 

another way to ensure no database actions on the GlideRecord (for any table) would be to set the abort action to true and then pass the object.

setAbortAction(true);

 

i.e before passing the GlideRecord object, use gr.setAbortAction(true); so that even if gr.update() executed from another end, it will not update the records in database. 

 

Note: but if another end before gr.update(), if they use serAbortAction(false) then they can update the database record. but it is TRUST that they should not be update intentionally with this kind.

 

Thanks,

ALi

If I could help you with your Query then, please hit the Thumb Icon and mark my answer as Correct!!

Thank you,
Ali
0 Helpfuls