Will the script include be restricted by ACl?

Go to solution
l c1
Kilo Contributor

‎04-07-2022 08:36 PM

Hello,

When I set a script with Client-callable script include ACL rule, and call the script in the business rule (the script is included in the script include), will the access of the script be restricted?
If the role does not have the permissions required in the script, will the script execute successfully?

What does the execution of record do in ACL?

0 Helpfuls
  • 2,731 Views
1 ACCEPTED SOLUTION

Go to solution
Vasantharajan N
Giga Sage
Giga Sage
In response to l c1

‎04-08-2022 12:05 AM

Say for example, you have a client callable script include that provides sensitive information that is to be accessed by people with specific role. 

In that case if you set the isPublic function return false to mark that script include as Private and set the ACL to have the execute permission for the people with right role.

benefit of this is that If you simply create the script include any developer can try to make use of the functions available in the script include that may lead to potential data leak/security risk. 


Thanks & Regards,
Vasanth

View solution in original post

6 REPLIES 6

Go to solution
Vasantharajan N
Giga Sage
Giga Sage

‎04-07-2022 09:07 PM

There is a ACL type "client_callable_script_include" to allow restriction on client callable script include.

find_real_file.png

Link to docs https://docs.servicenow.com/bundle/sandiego-platform-administration/page/administer/security/reference/privacy-on-client-callable-script-includes.html


Thanks & Regards,
Vasanth
Preview file
23 KB
0 Helpfuls

Go to solution
l c1
Kilo Contributor
In response to Vasantharajan N

‎04-07-2022 09:24 PM

I tried using this type of ACL to restrict script execution, but it executes no matter what

0 Helpfuls

Go to solution
Vasantharajan N
Giga Sage
Giga Sage
In response to l c1

‎04-07-2022 09:52 PM

Did you go through the documentation?

because by default all script include is considered public through system property. if you want to make it private any specific script include where you can apply this ACL, there are workaround mentioned in the documentation. So please check on that and let us know still if you face same behavior.


Thanks & Regards,
Vasanth

Go to solution
l c1
Kilo Contributor
In response to Vasantharajan N

‎04-07-2022 10:47 PM

Thank you,

Can you tell me the specific usage of client_callable_script_include or scenes? I read the documentaton, but explanation of the type is simple.

0 Helpfuls