Apply domain separation on dot walked fields [Updated in Security Center 1.3, 1.5, and 2.0]

  • Release version: Yokohama
  • Updated January 30, 2025

    This property controls whether join queries are given domain-separated conditions, so that domain separation is also applied to dot-walked fields. If glide.sys.domain.include_domain_condition_on_join is not set to the recommended value of true on an instance using domain separation, sensitive information that is not meant to be shared with a specific domain could be disclosed. Enabling the property may have a moderate functional impact on the instance if components rely on the unsafe cross-domain queries. Test instances in subproduction environments before enabling it.

    Warning:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.
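
    The effect described above, as an added example that is not ServiceNow code and does not reproduce the platform's actual query generation: a constructed SQLite model in which a dot walk (caller_id.email) is a join, run with and without a domain condition on the joined table. It assumes flat domains A and B with no hierarchy, a two-table toy schema, and that a filtered reference shows up as an empty value.

```python
import sqlite3

def build_db():
    """Constructed sample data: two domain-separated tables and a reference field."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sys_user (sys_id TEXT PRIMARY KEY, email TEXT, sys_domain TEXT);
        CREATE TABLE incident (number TEXT, caller_id TEXT, sys_domain TEXT);
        INSERT INTO sys_user VALUES ('u1', 'alice@a.example', 'A'),
                                    ('u2', 'bob@b.example',   'B');
        -- INC2 lives in domain A but references a user record owned by domain B.
        INSERT INTO incident VALUES ('INC1', 'u1', 'A'),
                                    ('INC2', 'u2', 'A'),
                                    ('INC3', 'u2', 'B');
    """)
    return db

def dot_walk(db, domain, condition_on_join):
    """Return (number, caller_id.email) for incidents visible to `domain`.

    condition_on_join models the property: when False, only the base table is
    filtered by domain; when True, the joined table is filtered as well.
    """
    join = "LEFT JOIN sys_user u ON u.sys_id = i.caller_id"
    params = []
    if condition_on_join:
        join += " AND u.sys_domain = ?"
        params.append(domain)
    sql = (f"SELECT i.number, u.email FROM incident i {join} "
           "WHERE i.sys_domain = ? ORDER BY i.number")
    params.append(domain)
    return db.execute(sql, params).fetchall()

def rows_changed_by_property(db, domain):
    """Rows whose dot-walked value differs once the join is domain-filtered.

    These are the cross-domain reads a subproduction test should surface.
    """
    before = dot_walk(db, domain, False)
    after = dot_walk(db, domain, True)
    return [b for b, a in zip(before, after) if b != a]

if __name__ == "__main__":
    db = build_db()
    print("join unfiltered:", dot_walk(db, "A", False))
    print("join filtered:  ", dot_walk(db, "A", True))
    print("would change:   ", rows_changed_by_property(db, "A"))
```

    The rows returned by rows_changed_by_property are both the disclosure (a domain B email readable from domain A) and the functional impact to look for before enabling the property.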

    More information

    Attribute             Description
    Property name         glide.sys.domain.include_domain_condition_on_join
    Configuration type    System Properties (/sys_properties_list.do)
    Data type             boolean
    Recommended value     True, when domain separation is installed, otherwise the property won't exist.
    Default value         false
    Category              Access control
    Purpose               Controls whether join queries are given domain separated conditions or not, in order to ensure they apply domain separation functionality for dot walked fields.
    Security risk         • Severity score: 6.5
                          • CVSS score: Medium
                          • Security risk details: If glide.sys.domain.include_domain_condition_on_join is not set to the recommended value of true, then sensitive information could be disclosed that is not to be shared with a specific domain.
    References            Domain separation for service providers