Enable ACLs to control live profile details (instance security hardening)
Use the glide.live_profile.details property to designate whether a user should be able to view all detail fields, such as company name and phone numbers, in a live profile.
- If the value is set to Show, access to the live profile information is granted, regardless of the ACLs created for the user profile.
- If the value is set to ACL, access to the live profile information is restricted, as per the ACLs created for the user profile.
- If the value is set to Hide, access to the live profile information is restricted, regardless of the ACLs created for the user profile.
More information
| Attribute | Description |
|---|---|
| Property name | glide.live_profile.details |
| Configuration type | System Properties (/sys_properties_list.do) |
| Configure in Instance Security Center | Yes |
| Purpose | The purpose is to enable only authorized users to access the details of a Live Profile (such as Company name, Phone numbers) |
| Recommended value | ACL |
| Functional Impact | If property is not enabled, unauthorized users can access the Live profile details of all other users. |
| Security risk | (Medium) API requests should always honor table ACLs. Restriction must be applied to prevent unauthorized users accessing details of a Live Profile. |
To learn more about adding or creating a system property, see Add a system property.