Restrict access to emails with empty target table
Activate the glide.email.email_with_no_target_visible_to_all property to restrict user access to emails, unless they were the one who sent the email or have an admin role.
Note:
Emails sent to and received by the instance appear in the sys_email_list table.
However, only received emails that were marked with an Error and Ignored state should have
an empty target table.
More information
| Attribute | Description |
|---|---|
| Property name | glide.email.email_with_no_target_visible_to_all |
| Configuration type | System Properties (/sys_properties_list.do) |
| Configure | Access control |
| Purpose | To block email client from showing emails when user doesn't authorize access. |
| Recommended value | false |
| Default value | true |
| Security risk rating | 6.5 |
| Functional impact | Users are no longer able to see emails where target table is empty unless they are an admin or were the sender of the email. |
| Security risk | (Moderate) If the property is not enabled, unauthorized users are able to access any email where the target_table field is empty. |
| References |
https://support.servicenow.com/kb_view.do?sysparm_article=KB0690043 |
To learn more about adding or creating a system property, see Add a system property.