Read ACL should not have GlideRecord/GlideAggregate/GlideRecordSecure in script.

prityshawex · ‎07-21-2025

Hello All,

Hope all are doing good !!

ACLs (Security rules) should not have GlideRecord/GlideAggregate in script

We have a custom ACL written as shown below using GlideRecord. How can i replace this code so that it does not use GlideRecord query. or is it even possible in this case?.

var gr = new GlideRecord('sys_user_delegate');

gr.addQuery("user", '' + current.n_1_validator.sys_id);

gr.addQuery("delegate", '' + gs.getUserID());

gr.addEncodedQuery("starts<=javascript&colon;gs.endOfToday()");

gr.addEncodedQuery("ends>=javascript&colon;gs.beginningOfToday()");

gr.setLimit(1);

gr.query();

if (gr.next()) {

answer = true;

} else {

answer = false;

}

Regards,
Prity

Chaitanya ILCR · ‎07-21-2025

Hi @prityshawex ,

This type of requirement definitely require scripting,

You do following instead.

create a role

since it's a read operation create an acl and add the created role to the acl and assign the role to correct users (you can automate this assignment (by BR) and removal( by scheduled job))

and create a query BR and restrict the access to those specific records by adding the same logic in the query BR

OR

if you don't want to see the the code and find to have a single line in the ACL like @J Siva suggested create a script include and add the logic to the script include and call the script include in the ACL

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

Mark Manders · ‎07-21-2025

Consider to create a security attribute for this. You can just put that in place on any ACL you need. It makes it reusable (https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/administer/contextual-securit.... There almost is no need for scripting in the script field of an ACL anymore.

Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark