Read ACL should not have GlideRecord/GlideAggregate/GlideRecordSecure in script.

prityshawex · ‎07-21-2025

Hello All,

Hope all are doing good !!

ACLs (Security rules) should not have GlideRecord/GlideAggregate in script

We have a custom ACL written as shown below using GlideRecord. How can i replace this code so that it does not use GlideRecord query. or is it even possible in this case?.

var gr = new GlideRecord('sys_user_delegate');

gr.addQuery("user", '' + current.n_1_validator.sys_id);

gr.addQuery("delegate", '' + gs.getUserID());

gr.addEncodedQuery("starts<=javascript&colon;gs.endOfToday()");

gr.addEncodedQuery("ends>=javascript&colon;gs.beginningOfToday()");

gr.setLimit(1);

gr.query();

if (gr.next()) {

answer = true;

} else {

answer = false;

}

Regards,
Prity

J Siva · ‎07-21-2025

Hi @prityshawex
Have this logic in the script include and call the script include from the ACL script.
Regards,
Siva

Ankur Bawiskar · ‎07-21-2025

@prityshawex

Yes it's not recommended to use GlideRecord, GlideAggregate in ACL script as per best practices.

Try this

1) see if you can handle the above in conditions directly

OR

2) create a script include and then call it from your ACL script

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader

Tiago Gomes · yesterday

@Ankur Bawiskar

How does moving the GlideRecord into a Script Include solve the problem?
From a system perspective, isn’t the ACL evaluation exactly the same when we call the Script Include?

Thanks.

Ankur Bawiskar · yesterday

@Tiago Gomes

that's correct.

It still calls and evaluates but that's what how the scan is bypassed in case we wish to solve the requirement.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader