Disable GlideRecord Scope Fencing Legacy Behavior [New in Security Center 1.3 and updated in 1.5 and 2.0]
The glide.record.legacy_cross_scope_access_policy_in_script property disables scope fencing, allowing scoped apps to access global script interfaces. It was created as a patch to GlideRecord's cross scope access.
GlideRecord provided cross scope create/update access to tables that were not configured with that level of access. To prevent customers' applications from breaking when this scoped access behavior was patched, the property glide.record.legacy_cross_scope_access_policy_in_script was created. When true, cross scope access falls back to the legacy (insecure) behavior: scope fencing is disabled and scoped apps can access global script interfaces.
It is a security best practice to have scope fencing restrictions in place. Scoping ensures applications can only access resources with explicit access or within their scope, following the principle of least privilege. Disabling this feature could lead to confidentiality, availability, and integrity impacts.
Set the Glide Property glide.record.legacy_cross_scope_access_policy_in_script to false. When not present in the sys_properties table, the default value is true.
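The absent-property case is easy to miss in an audit, because a search for the value true finds nothing while the insecure default still applies. As an added example (not ServiceNow's code), this JavaScript check evaluates a query result for the property; the function name `auditScopeFencing`, the response shape `{ result: [{ name, value }] }`, and the sample data are assumptions constructed for illustration.

```javascript
const PROP = 'glide.record.legacy_cross_scope_access_policy_in_script';

// `response` is the parsed result of a sys_properties query filtered by name.
// Assumed shape: { result: [ { name: '...', value: '...' }, ... ] }
function auditScopeFencing(response) {
  const rows = ((response && response.result) || []).filter(r => r.name === PROP);

  // No record at all: the documented default (true) applies, so the
  // legacy cross-scope behavior is active even though nothing is "set".
  if (rows.length === 0) {
    return { compliant: false, effective: 'true', reason: 'property absent; default is true' };
  }

  const values = rows.map(r => String(r.value).trim());

  // Compliant only when every matching record is exactly "false".
  if (values.every(v => v === 'false')) {
    return { compliant: true, effective: 'false', reason: 'legacy cross-scope access disabled' };
  }
  if (values.some(v => v === 'true')) {
    return { compliant: false, effective: 'true', reason: 'legacy cross-scope access enabled' };
  }
  // Anything else is not interpreted here; flag it for manual review.
  return { compliant: false, effective: 'unknown', reason: 'unexpected value; review manually' };
}

// Constructed sample query results, one per case.
const SAMPLES = {
  absent:   { result: [] },
  legacy:   { result: [{ name: PROP, value: 'true' }] },
  hardened: { result: [{ name: PROP, value: 'false' }] },
  odd:      { result: [{ name: PROP, value: '' }] },
};

for (const [label, body] of Object.entries(SAMPLES)) {
  console.log(label.padEnd(9), JSON.stringify(auditScopeFencing(body)));
}
```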
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.record.legacy_cross_scope_access_policy_in_script |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | Boolean |
| Recommended value | false |
| Default value | true (when the property does not exist in the sys_properties table) |
| Category | Architecture, design, and threat modeling |
| Security risk | |
| Dependencies and prerequisites | None |