ServiceNow ACL query

Aditya_hublikar
Mega Sage

Hi everyone, I’ve noticed that some properties/records which are restricted to be updated only by the maint role in the UI can still be modified using Scripts – Background. Is this expected platform behavior due to elevated script execution privileges, or is there a recommended way to prevent such updates? I’m trying to understand the security best practices around controlling admin/script-level changes and whether additional ACLs or governance controls are typically used.

[Screenshot]

After background script:

[Screenshot]

Background script:

[Screenshot]

I also looked at its ACL and found that write access is only for the nobody role; still, it gets updated by the background script.

[Screenshot]

[Screenshot]


Ankur Bawiskar
Tera Patron

@Aditya_hublikar 

You are using GlideRecord, and it doesn't evaluate ACLs.

If you use GlideRecordSecure, it checks ACLs and you won't be allowed to update.

Try that once.

GlideRecordSecure | GlideRecord vs GlideRecordSecure | When to use GlideRecordSecure 

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
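To verify the reply above on your own instance, here is an added example (not code from this thread or from ServiceNow) that attempts a write through GlideRecordSecure and re-reads the record to see whether the value really changed. The helper name `attemptUpdate` and the table, sys_id and field placeholders are hypothetical and must be replaced before running it in a server-side script.

```javascript
// Added example. attemptUpdate is a hypothetical helper, not a platform API.
// makeRecord is a factory returning a GlideRecord-style object, so the same
// check can be pointed at GlideRecord or GlideRecordSecure.
function attemptUpdate(makeRecord, table, sysId, field, newValue) {
  var rec = makeRecord(table);
  if (!rec.get(sysId)) {
    return { found: false };
  }
  var result = {
    found: true,
    // canWrite() reports what the ACLs say for the current user,
    // independently of whether the API used below enforces them.
    aclAllowsWrite: rec.canWrite(),
    before: rec.getValue(field)
  };
  rec.setValue(field, newValue);
  result.updateReturned = rec.update();

  // Re-read the row instead of trusting update()'s return value.
  var check = makeRecord(table);
  check.get(sysId);
  result.after = check.getValue(field);
  result.changed = result.after !== result.before;
  return result;
}

// Runs only where the ServiceNow globals exist (for example Scripts - Background).
// The three placeholders are assumptions: the thread does not name the table or field.
if (typeof GlideRecordSecure !== 'undefined') {
  var report = attemptUpdate(
    function (t) { return new GlideRecordSecure(t); },
    'TABLE_NAME_PLACEHOLDER',
    'SYS_ID_PLACEHOLDER',
    'FIELD_PLACEHOLDER',
    'acl test value'
  );
  // Expected when the write ACL denies the current user:
  // aclAllowsWrite is false and changed is false.
  gs.info(JSON.stringify(report));
}
```

If `aclAllowsWrite` is false but `changed` is true, the script is using an API that skips ACL evaluation, which is the situation described in the question.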

@Aditya_hublikar 

Hope you are doing good.

Did my reply answer your question?


Regards,
Ankur

Hello @Ankur Bawiskar,

That's right, but the maint role is one of the top roles in ServiceNow; still, we can update data whose access is only for the maint or nobody role. I just want to understand whether it is a gap/ambiguity. GlideRecord doesn't evaluate ACLs; that's OK for other roles in ServiceNow, but for the maint/nobody role also?

@Aditya_hublikar 

GlideRecord doesn't evaluate, so you can basically update anything even if the maint or nobody role is there.

That's OOTB behavior.


Regards,
Ankur