Configure Service Portal Widgets Table Allow List [New in Security Center 2.0]
Learn how the glide.service_portal.widget.table_allow_list property enhances security by listing tables accessible to unauthenticated users through Service Portal widgets, dependent on additional checks and specific glide property settings.
The glide.service_portal.widget.table_allow_list property contains a list of tables that unauthenticated users can access through Service Portal widgets, which utilize the additional security checks in the SNCACLWidgetUtil script. This property is enforced only if the glide property glide.service_portal.widget.enforce_public_check is set to true. Including unnecessary tables in this property may lead to the disclosure of sensitive information. Nonetheless, Table ACLs will continue to be evaluated as they were previously.
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.service_portal.widget.table_allow_list |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | boolean |
| Recommended value | true |
| Default value | false |
| Category | Access control |
| Security risk |
|
| Dependencies and prerequisites | The glide.service_portal.widget.enforce_public_check property must be set to true for the glide.service_portal.widget.table_allow_list setting to take effect. |
| Functional impact | The table list controls access to the tables from which the widget is allowed to retrieve data. |