Ensure dashboards creation/deletion requires access check [New in Security Center 1.3 and updated in 2.0]

  • Release version: Yokohama
  • Updated January 30, 2025
  • 1 minute to read

    • The glide.processors.check_access_before_process property enables access control list (ACL) enforcement for creating or deleting dashboards when a user is logged in.

    Ensure the Glide Property glide.processors.check_access_before_process exists and is set to the value true. If the property does not appear in the sys_properties table, add a new record.

    More information

    Attribute Description
    Configuration name glide.processors.check_access_before_process
    Configuration type System Properties (/sys_properties_list.do)
    Data type boolean
    Recommended value true
    Default value false
    Category Access control
    Security risk
    • Severity score: 6.3
    • CVSS score: Medium
    • Security risk details: Disabling this property by setting it to false, enables an ACL bypass on dashboards. This allows all authenticated users with low privileges to delete and add dashboards.
    Dependencies and prerequisites None
    Functional impact This property controls the ability to create new sys_dashboards and delete existing dashboards when a user lacks the necessary access rights. When the value is set to false, users with inappropriate roles can add and delete sys_dashboard entries (though the GlideRecord layer should recheck the existing ACLs). A value of true restricts add and delete operations for users without the required access rights.