Deny internal access to explicit external roles [Updated in Security Center 1.3 and 1.5]

  • Release version: Yokohama
  • Updated June 25, 2025

    Use system properties to determine whether external users can be assigned the snc_internal role.

    Use the glide.security.explicit_roles.enable_internal_user_blacklist system property to prevent external users from being assigned the snc_internal role. When this property is set to true, it enforces the parameters of the maint-protected glide.security.explicit_roles.internal_user_blacklist property, which assigns the snc_external role to a list of untrusted user classes. If glide.security.explicit_roles.enable_internal_user_blacklist is set to false, the glide.security.explicit_roles.internal_user_blacklist property is ignored.

    Note:
    Instances without Explicit Roles installed are not affected. As of the Paris release, new installations of Explicit Roles get the property with a default value of true.

    More information

    Attribute                       Description
    Configuration name              glide.security.explicit_roles.enable_internal_user_blacklist
    Configuration type              System Properties (/sys_properties_list.do)
    Data type                       Boolean
    Recommended value               true
    Default value                   true
    Fallback value                  false
    Category                        Session management
    Security risk                   • Severity score: 5.4
                                    • CVSS score: Medium
                                    • Misconfiguration of this property increases the risk that an external user account gains access to internal information.
    Dependencies and prerequisites  None
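
An audit check for the two properties above, written as an added example and not ServiceNow's own code. It reports when the blacklist is ignored, including the case where the enabling property is absent and the fallback value false applies. The getProperty callback, the sample property sets and the placeholder class name are assumptions; on an instance the callback would wrap gs.getProperty, assumed here to return null for a missing property.

```javascript
// Added example, not ServiceNow code. `getProperty` is an assumed callback;
// on an instance pass: function (name) { return gs.getProperty(name); }
// (gs.getProperty is assumed to return null when the property does not exist).
var ENABLE_PROP = 'glide.security.explicit_roles.enable_internal_user_blacklist';
var LIST_PROP = 'glide.security.explicit_roles.internal_user_blacklist';

function isUnset(value) {
  return value === null || value === undefined;
}

function auditInternalUserBlacklist(getProperty) {
  var raw = getProperty(ENABLE_PROP);
  // Fallback value from the table: an absent property behaves as false.
  var enabled = !isUnset(raw) && String(raw).trim().toLowerCase() === 'true';
  var list = getProperty(LIST_PROP);
  var listSet = !isUnset(list) && String(list).trim() !== '';
  var findings = [];

  if (isUnset(raw)) {
    findings.push(ENABLE_PROP + ' is not defined: fallback false applies, blacklist ignored');
  } else if (!enabled) {
    findings.push(ENABLE_PROP + ' is "' + raw + '": blacklist ignored, recommended value is true');
  }
  // Assumption: an empty or unreadable list leaves no user classes to enforce.
  if (enabled && !listSet) {
    findings.push(LIST_PROP + ' is empty or not readable: nothing to enforce');
  }
  return {
    enabled: enabled,
    blacklistEnforced: enabled && listSet,
    compliant: findings.length === 0,
    findings: findings
  };
}

// Constructed property sets standing in for sys_properties on three instances.
function lookupIn(map) {
  return function (name) {
    return Object.prototype.hasOwnProperty.call(map, name) ? map[name] : null;
  };
}
var hardened = {};
hardened[ENABLE_PROP] = 'true';
hardened[LIST_PROP] = 'example_untrusted_class'; // placeholder, not a real class name
var disabled = {};
disabled[ENABLE_PROP] = 'false';
disabled[LIST_PROP] = 'example_untrusted_class';
var undefinedProps = {}; // property records absent
console.log(JSON.stringify(auditInternalUserBlacklist(lookupIn(disabled)), null, 2));
```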