Restrict performance monitoring access [Updated in Security Center 1.3]
Use the glide.security.diag_txns_acl property to control stats.do, threads.do, thread_pool_stats, and replication.do access from an unauthenticated connection.
When you set this property to true, the
glide.security.diag_txns_acl property only allows access to the
following by the administrator account:
- https://<instancename>.service-now.com/stats.do
- https://<instancename>.service-now.com/threads.do
- https://<instancename>.service-now.com/replication.do
- https://<instancename>.service-now.com/thread_pool_stats.do
More information
| Attribute | Description |
|---|---|
| Property name | glide.security.diag_txns_acl |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Configuration |
| Purpose | Restrict the access to configuration pages to administrator account only |
| Recommended value | true |
| Default value | true |
| Security risk rating | 5.3 |
| Functional impact | This remediation enforces only administrator account to get access to the application sensitive data for logging and troubleshooting purposes. |
| Security risk | (Moderate) Sensitive data such as server details, threads, and processes executed on the server should never be visible or accessible to the end user without appropriate privileges. |
To learn more about adding or creating a system property, see Add a system property.