Enforce field-level ACLs on records created from the query string of the Filtered List view UI of a table

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minute read
  • Use a system property to prevent list filters from affecting the initial values of created records.

    Use the com.glide.acl_check_all_filter_on_new system property to ensure that field-level ACLs are evaluated when query string parameters are applied during the creation of new table records triggered from the UI.

    When a new record is created from the list view UI of a table, the field values included in the filter query string are applied to the new record.

    For example, using this filter:

    author={62826bf03710200044e0bfc8bcbe5df1}^state={3}

    The Author field is assigned the value 62826bf03710200044e0bfc8bcbe5df1 and State is assigned the value 3, regardless of their default values.

    The com.glide.acl_check_all_filter_on_new property ensures that field-level ACLs are evaluated for all fields when a record is created from the filtered list view UI of a table. There are exceptions to this property, which are applied in the following order:

    1. If the ignore_filter_on_new dictionary attribute is set for a field, then the value of that field in a filter query string is never used in record creation from the filtered list view UI of a table.
    2. If the acl_check_filter_on_new dictionary attribute is set for a field, then ACLs must be checked for that field on record creation from the filtered list view UI of a table.
    3. If the allow_filter_on_new dictionary attribute is set for a field, then ACLs aren't checked for that field on record creation from the filtered list view UI of a table.
    4. The sys_domain field and other domain fields specific to a table and defined by the glide.sys.domain.domain_determining_field.{table_name} property aren't checked by ACLs on record creation from the filtered list view UI of a table.
    5. If the com.glide.acl_check_all_filter_on_new system property is set to true, then ACLs must be checked for all other fields on record creation from the filtered list view UI of a table.
    6. If a field's type is listed in the com.glide.ignore_filter_on_new.field_types system property, then ACLs must be checked for that field on record creation from the filtered list view UI of a table.

    Ensure that the com.glide.acl_check_all_filter_on_new system property is set to true.
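
The precedence order listed above can be modelled as a small decision function, which makes it easy to see which fields still accept filter values without an ACL check. This is an added example in plain JavaScript, not ServiceNow platform code; the field and config object shapes, the function names, and the sample fields are assumptions made for illustration.

```javascript
'use strict';

// Possible outcomes for a field value taken from the list filter query string.
const IGNORED = 'ignored';          // value is never applied to the new record
const ACL_CHECKED = 'acl_checked';  // value is applied only if the field ACL allows it
const UNCHECKED = 'unchecked';      // value is applied without an ACL check

// field:  { name, type, attributes: [...] }  (hypothetical shape of a dictionary entry)
// config: { checkAll, fieldTypes, domainFields }  (hypothetical holder for property values)
//   checkAll     -> com.glide.acl_check_all_filter_on_new
//   fieldTypes   -> types listed in com.glide.ignore_filter_on_new.field_types
//   domainFields -> fields named by glide.sys.domain.domain_determining_field.{table_name}
function resolveFilterOnNew(field, config) {
  const attrs = new Set(field.attributes || []);
  if (attrs.has('ignore_filter_on_new')) return IGNORED;                    // rule 1
  if (attrs.has('acl_check_filter_on_new')) return ACL_CHECKED;             // rule 2
  if (attrs.has('allow_filter_on_new')) return UNCHECKED;                   // rule 3
  const isDomainField = field.name === 'sys_domain' ||
    (config.domainFields || []).includes(field.name);
  if (isDomainField) return UNCHECKED;                                      // rule 4
  if (config.checkAll) return ACL_CHECKED;                                  // rule 5
  if ((config.fieldTypes || []).includes(field.type)) return ACL_CHECKED;   // rule 6
  return UNCHECKED; // property is false and no exception applied
}

// Names of fields whose filter values reach a new record without an ACL check.
function uncheckedFields(fields, config) {
  return fields
    .filter((f) => resolveFilterOnNew(f, config) === UNCHECKED)
    .map((f) => f.name);
}

// Constructed sample dictionary entries, not taken from a real instance.
const sampleFields = [
  { name: 'author', type: 'reference', attributes: [] },
  { name: 'state', type: 'integer', attributes: ['acl_check_filter_on_new'] },
  { name: 'notes', type: 'string', attributes: ['ignore_filter_on_new'] },
  { name: 'category', type: 'string', attributes: ['allow_filter_on_new'] },
  { name: 'sys_domain', type: 'domain_id', attributes: [] },
  { name: 'script', type: 'script', attributes: [] },
];

for (const checkAll of [false, true]) {
  const config = { checkAll, fieldTypes: ['script'], domainFields: [] };
  console.log(`checkAll=${checkAll}:`, uncheckedFields(sampleFields, config));
}
```

With the property set to false, the constructed author field is applied from the filter without an ACL check; with it set to true, only the fields covered by rules 3 and 4 remain unchecked.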

    More information

    Attribute: Description
    Configuration name: com.glide.acl_check_all_filter_on_new
    Configuration type: System Properties (/sys_properties_list.do)
    Data type: Boolean
    Recommended value: true
    Default value: false
    Fallback value: false
    Category: Access control
    Security risk:
    • Severity score: 4.8
    • CVSS score: Medium
    • Security risk details: When com.glide.acl_check_all_filter_on_new is set to false, ACLs aren't checked for fields on new record creation from the filtered list view UI of a table, unless one of the other exceptions applies. In such a situation, ACLs can be bypassed by users without create access to fields. This allows protected fields to be set to improper values on record creation through the filtered list view UI of a table.
    Functional impact: When com.glide.acl_check_all_filter_on_new is set to true, ACLs may prevent fields included in the filter query string from affecting the value of fields in a created record when the creation is triggered from the list view UI of a table. However, the previous behavior was incorrect, as it bypassed ACLs and allowed users without create access to a field to modify its value.
    Dependencies and prerequisites: None