<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>question Re: What's the difference between GlideRecord and GlideRecordSecure? in Common Service Data Model forum</title>
    <link>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464119#M8891</link>
    <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/352194"&gt;@Lisa71&lt;/a&gt;&amp;nbsp;&lt;/P&gt;&lt;P class=""&gt;Yes, &lt;STRONG&gt;GlideRecord bypasses ACLs by default&lt;/STRONG&gt; in server-side scripts.&lt;/P&gt;&lt;P class=""&gt;A user without read access to Table A could view its data through a UI Action that uses GlideRecord.&lt;/P&gt;&lt;P class=""&gt;This was the major drawback with gliderecord , hence we are having GlideRecordSecure API which checks for ACL also&lt;/P&gt;&lt;P class=""&gt;Apart from this You can check out this blog&lt;/P&gt;&lt;P class=""&gt;&lt;A href="https://developer.servicenow.com/blog.do?p=%2Fpost%2Fgliderecord-vs-gliderecordsecure%2F" target="_self"&gt;https://developer.servicenow.com/blog.do?p=%2Fpost%2Fgliderecord-vs-gliderecordsecure%2F&lt;/A&gt;&amp;nbsp;&lt;/P&gt;&lt;P class=""&gt;&amp;nbsp;&lt;/P&gt;&lt;P class=""&gt;if my response helps, Please Mark helpful and accept as solution , you can accept Multiple &lt;span class="lia-unicode-emoji" title=":slightly_smiling_face:"&gt;🙂&lt;/span&gt;&lt;/P&gt;&lt;P class=""&gt;&amp;nbsp;&lt;/P&gt;&lt;P class=""&gt;&amp;nbsp;&lt;/P&gt;&lt;P class=""&gt;&amp;nbsp;&lt;/P&gt;&lt;P class=""&gt;Warm Regards&lt;/P&gt;&lt;P class=""&gt;Sumit Yadav&lt;/P&gt;&lt;P class=""&gt;Technical Consultant&lt;/P&gt;</description>
    <pubDate>Fri, 09 Jan 2026 09:04:59 GMT</pubDate>
    <dc:creator>its_SumitNow</dc:creator>
    <dc:date>2026-01-09T09:04:59Z</dc:date>
    <item>
      <title>What's the difference between GlideRecord and GlideRecordSecure?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464049#M8882</link>
      <description>&lt;P&gt;If we use GlideRecord without explicitly requires ACL check, it can get data bypass the ACL check? For example, if a UI action uses GlideRecord to fetch data in table A, then a user without read ACL in table A can view table A's data when pressing that UI action? Thanks.&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 08:04:50 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464049#M8882</guid>
      <dc:creator>Lisa71</dc:creator>
      <dc:date>2026-01-09T08:04:50Z</dc:date>
    </item>
    <item>
      <title>Re: What's the difference between GlideRecord and GlideRecordSecure?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464055#M8883</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/352194"&gt;@Lisa71&lt;/a&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;GlideRecord is the standard, powerful table API for database interaction, while GlideRecordSecure extends it by automatically enforcing Access Control Lists (ACLs) for the current user, making it safer for sensitive data and scoped applications where respecting user permissions (read/write/delete) is crucial; GlideRecord requires manual canRead() checks, whereas GlideRecordSecure handles them implicitly, ensuring compliance without extra code.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Go through this blog for better understanding -&amp;nbsp;&lt;A href="https://developer.servicenow.com/blog.do?p=/post/gliderecord-vs-gliderecordsecure/" target="_blank"&gt;https://developer.servicenow.com/blog.do?p=/post/gliderecord-vs-gliderecordsecure/&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 08:13:34 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464055#M8883</guid>
      <dc:creator>PrashantLearnIT</dc:creator>
      <dc:date>2026-01-09T08:13:34Z</dc:date>
    </item>
    <item>
      <title>Re: What's the difference between GlideRecord and GlideRecordSecure?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464064#M8884</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/352194"&gt;@Lisa71&lt;/a&gt;&amp;nbsp; ,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;GlideRecord → does not check ACLs (system-level access)&lt;/P&gt;&lt;P&gt;GlideRecordSecure → checks ACLs for the current user.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;So if your UI Action or Script Include runs as a user, always use &lt;STRONG&gt;GlideRecordSecure&lt;/STRONG&gt; or check gr.canRead()&amp;nbsp;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;If you use GlideRecord in a server-side script (like a UI Action, Business Rule, or Script Include), it usually runs with system-level access. That means it does not check ACLs by default.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;So, even if a user does not have read access to a table, your script can still get and show that data when it runs on the server. If your UI Action sends that data back to the user (for example, showing it in a message or portal), then the user can see information they normally shouldn’t.&lt;/P&gt;&lt;P&gt;To make sure ACLs are checked, you should use GlideRecordSecure instead of GlideRecord. GlideRecordSecure automatically follows the user’s ACL permissions.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;aslo check this :&lt;/P&gt;&lt;P&gt;&lt;A href="https://www.servicenow.com/community/developer-blog/gliderecordsecure-gliderecord-vs-gliderecordsecure-when-to-use/ba-p/2539299" target="_blank" rel="noopener"&gt;https://www.servicenow.com/community/developer-blog/gliderecordsecure-gliderecord-vs-gliderecordsecure-when-to-use/ba-p/2539299&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;A href="https://developer.servicenow.com/blog.do?p=/post/gliderecord-vs-gliderecordsecure/" target="_blank" rel="noopener"&gt;https://developer.servicenow.com/blog.do?p=/post/gliderecord-vs-gliderecordsecure/&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;If you found my solution helpful, please mark it as &lt;EM&gt;Helpful&lt;/EM&gt; or &lt;EM&gt;Accepted Solution...!&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;thanks,&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;tejas&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;Email&lt;STRONG&gt;:&lt;/STRONG&gt; &lt;A target="_blank" rel="noopener"&gt;adhalraotejas1018@gmail.com&lt;/A&gt;&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;LinkedIn&lt;STRONG&gt;:&lt;/STRONG&gt; &lt;A class="" href="https://www.linkedin.com/in/tejas1018" target="_new" rel="noopener"&gt;https://www.linkedin.com/in/tejas1018&lt;/A&gt;&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 08:22:51 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464064#M8884</guid>
      <dc:creator>Tejas Adhalrao</dc:creator>
      <dc:date>2026-01-09T08:22:51Z</dc:date>
    </item>
    <item>
      <title>Re: What's the difference between GlideRecord and GlideRecordSecure?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464090#M8887</link>
      <description>&lt;P&gt;Hello&amp;nbsp;&lt;a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/352194"&gt;@Lisa71&lt;/a&gt;&amp;nbsp;,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;There slightly difference between GlideRecord and GlidRecordSecure .&lt;/P&gt;&lt;P&gt;1)GlideRecord api dont enforce Access Control List (ACL) while performing database operation like read,write,update.It dont check user has required role or not while performing database operation.&lt;/P&gt;&lt;P&gt;Its execution time is less as compared to GlideRecordSecure api .&lt;/P&gt;&lt;P&gt;2)Gliderecord Secure enforce ACL means it check while performing Database operation user has valid roles or not . If dont then denied database operation. It take more execution time as compared to GlideRecord api&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;You can also refer this Article also :&lt;/P&gt;&lt;P&gt;&lt;A href="https://www.servicenow.com/community/developer-blog/gliderecordsecure-gliderecord-vs-gliderecordsecure-when-to-use/ba-p/2539299" target="_self"&gt;https://www.servicenow.com/community/developer-blog/gliderecordsecure-gliderecord-vs-gliderecordsecure-when-to-use/ba-p/2539299&lt;/A&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;If this helps you then mark it as helpful and accept as solution.&lt;/P&gt;&lt;P&gt;Regards,&lt;/P&gt;&lt;P&gt;Aditya,&lt;/P&gt;&lt;P&gt;Technical Consultant&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 08:46:57 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464090#M8887</guid>
      <dc:creator>Aditya_hublikar</dc:creator>
      <dc:date>2026-01-09T08:46:57Z</dc:date>
    </item>
    <item>
      <title>Re: What's the difference between GlideRecord and GlideRecordSecure?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464092#M8888</link>
      <description>&lt;P&gt;Thank you, then what do you mean by "system level access", which permission does "system level access" have?&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 08:48:34 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464092#M8888</guid>
      <dc:creator>Lisa71</dc:creator>
      <dc:date>2026-01-09T08:48:34Z</dc:date>
    </item>
    <item>
      <title>Re: What's the difference between GlideRecord and GlideRecordSecure?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464119#M8891</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/352194"&gt;@Lisa71&lt;/a&gt;&amp;nbsp;&lt;/P&gt;&lt;P class=""&gt;Yes, &lt;STRONG&gt;GlideRecord bypasses ACLs by default&lt;/STRONG&gt; in server-side scripts.&lt;/P&gt;&lt;P class=""&gt;A user without read access to Table A could view its data through a UI Action that uses GlideRecord.&lt;/P&gt;&lt;P class=""&gt;This was the major drawback with gliderecord , hence we are having GlideRecordSecure API which checks for ACL also&lt;/P&gt;&lt;P class=""&gt;Apart from this You can check out this blog&lt;/P&gt;&lt;P class=""&gt;&lt;A href="https://developer.servicenow.com/blog.do?p=%2Fpost%2Fgliderecord-vs-gliderecordsecure%2F" target="_self"&gt;https://developer.servicenow.com/blog.do?p=%2Fpost%2Fgliderecord-vs-gliderecordsecure%2F&lt;/A&gt;&amp;nbsp;&lt;/P&gt;&lt;P class=""&gt;&amp;nbsp;&lt;/P&gt;&lt;P class=""&gt;if my response helps, Please Mark helpful and accept as solution , you can accept Multiple &lt;span class="lia-unicode-emoji" title=":slightly_smiling_face:"&gt;🙂&lt;/span&gt;&lt;/P&gt;&lt;P class=""&gt;&amp;nbsp;&lt;/P&gt;&lt;P class=""&gt;&amp;nbsp;&lt;/P&gt;&lt;P class=""&gt;&amp;nbsp;&lt;/P&gt;&lt;P class=""&gt;Warm Regards&lt;/P&gt;&lt;P class=""&gt;Sumit Yadav&lt;/P&gt;&lt;P class=""&gt;Technical Consultant&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 09:04:59 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464119#M8891</guid>
      <dc:creator>its_SumitNow</dc:creator>
      <dc:date>2026-01-09T09:04:59Z</dc:date>
    </item>
    <item>
      <title>Re: What's the difference between GlideRecord and GlideRecordSecure?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464120#M8892</link>
      <description>&lt;P&gt;Then using gliderecord API, the developer can allow anyone to access any data even the developer him/herself doesn't have access to that table, right?&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 09:06:57 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464120#M8892</guid>
      <dc:creator>Lisa71</dc:creator>
      <dc:date>2026-01-09T09:06:57Z</dc:date>
    </item>
    <item>
      <title>Re: What's the difference between GlideRecord and GlideRecordSecure?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464127#M8893</link>
      <description>&lt;P&gt;&lt;a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/352194"&gt;@Lisa71&lt;/a&gt;&amp;nbsp;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Yes, exactly right!&lt;/P&gt;&lt;P&gt;When a developer writes server-side code with GlideRecord , that code runs with system privileges and bypasses ACLs.&lt;/P&gt;&lt;P&gt;This means:&lt;/P&gt;&lt;OL&gt;&lt;LI&gt;The developer can query ANY table - even tables they personally don't have access to&lt;/LI&gt;&lt;LI&gt;Any user executing that code can see the data - regardless of their ACLs&lt;/LI&gt;&lt;/OL&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;if my response helps, Please Mark helpful and accept as solution &lt;span class="lia-unicode-emoji" title=":slightly_smiling_face:"&gt;🙂&lt;/span&gt;&lt;/EM&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 09:13:16 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/what-s-the-difference-between-gliderecord-and-gliderecordsecure/m-p/3464127#M8893</guid>
      <dc:creator>its_SumitNow</dc:creator>
      <dc:date>2026-01-09T09:13:16Z</dc:date>
    </item>
  </channel>
</rss>

