How to restrict modifications to specific system properties when coding this logic in a Script Include of my scoped application. Note that this Script Include is invoked by various business rules or ACLs and executes regardless of which user triggers those rules.
- System properties are stored in the sys_property table; modifying them via scripts typically uses gs.setProperty() or direct GlideRecord updates.
To avoid confusion, it’s important to distinguish "Write roles" from the related "Read roles" field in sys_property:
Field Purpose
| Write roles | Controls who can modify the property (edit value, delete the record). |
| Read roles | Controls who can view the property (if left empty, all users can read it). |
Example Use Case
If you set the "Write roles" of a scoped app’s property (e.g., x_your_app.api_key) to x_your_app.admin, only users with the x_your_app.admin role can update that API key. Regular users or even system admins (without the scoped admin role) will be unable to edit it—preventing accidental or unauthorized changes.
