Read ACL should not have GlideRecord/GlideAggregate/GlideRecordSecure in script.

prityshawex
Tera Contributor

Hello All,

Hope all are doing good !!

ACLs (Security rules) should not have GlideRecord/GlideAggregate in script

We have a custom ACL written as shown below using GlideRecord. How can I replace this code so that it does not use a GlideRecord query? Or is it even possible in this case?

 

var gr = new GlideRecord('sys_user_delegate');
gr.addQuery("user", '' + current.n_1_validator.sys_id);
gr.addQuery("delegate", '' + gs.getUserID());
gr.addEncodedQuery("starts<=javascript:gs.endOfToday()");
gr.addEncodedQuery("ends>=javascript:gs.beginningOfToday()");
gr.setLimit(1);
gr.query();
if (gr.next()) {
    answer = true;
} else {
    answer = false;
}

Regards,
Prity
4 REPLIES

J Siva
Tera Sage

Hi @prityshawex 
Have this logic in the script include and call the script include from the ACL script.
Regards,
Siva

Ankur Bawiskar
Tera Patron

@prityshawex 

Yes it's not recommended to use GlideRecord, GlideAggregate in ACL script as per best practices.

Try this

1) see if you can handle the above in conditions directly

OR

2) create a script include and then call it from your ACL script

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Chaitanya ILCR
Kilo Patron

Hi @prityshawex,

This type of requirement definitely requires scripting.

You can do the following instead.

Create a role.

Since it's a read operation, create an ACL, add the created role to the ACL, and assign the role to the correct users (you can automate this assignment (by BR) and removal (by scheduled job)).

And create a query BR and restrict the access to those specific records by adding the same logic in the query BR.

OR

If you don't want to see the code and want to have a single line in the ACL, like @J Siva suggested, create a script include, add the logic to the script include, and call the script include in the ACL.

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

Mark Manders
Mega Patron

Consider creating a security attribute for this. You can just put that in place on any ACL you need. It makes it reusable (https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/administer/contextual-securit...). There is almost no need for scripting in the script field of an ACL anymore.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
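
The script include approach suggested in the replies above, as an added example that is not part of the thread: a classless script include (the name `isActiveDelegateOf` is hypothetical) that holds the original query and fails closed when the validator or user reference is empty. The ACL script field then only calls it; the query itself still runs on every ACL evaluation.

```javascript
// Classless Script Include (added example; the name isActiveDelegateOf is
// hypothetical). For a classless Script Include, the record's Name must
// match the function name so the platform can resolve the call.
function isActiveDelegateOf(validatorSysId, userSysId) {
    // Fail closed: an empty reference would otherwise become a query for
    // user = '' and could match a malformed delegation row.
    if (!validatorSysId || !userSysId) {
        return false;
    }

    // Same table, fields and date window as the ACL script in the question.
    var gr = new GlideRecord('sys_user_delegate');
    gr.addQuery('user', '' + validatorSysId);
    gr.addQuery('delegate', '' + userSysId);
    gr.addEncodedQuery('starts<=javascript:gs.endOfToday()');
    gr.addEncodedQuery('ends>=javascript:gs.beginningOfToday()');
    gr.setLimit(1);
    gr.query();

    // Only existence matters for the access decision.
    return gr.hasNext();
}

// The ACL script field then reduces to a single line:
// answer = isActiveDelegateOf(current.getValue('n_1_validator'), gs.getUserID());
```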