Restrict Global App Development by Role [New in Security Center 2.0]

Rversion finale: Australia

Mis à jour 12 mars 2026

1 minute de lecture

Use the sn_g_app_creator.allow_global property to control which users can create applications in the global scope using the Guided Application Creator.

If sn_g_app_creator.allow_global is set to the recommended value of false, users require the sn_g_app_creator.global role to create applications in the global scope. Conversely, if set to the insecure value of true, any user with the basic sn_g_app_creator.app_creator role can create global applications. Global applications lack scope protection, allowing developers access to extensive features and functions beyond specific scopes. Restricting global application development to users with the additional role adheres to the principle of least privilege.

Remarque :

This property does not come pre-configured in your instance. You must manually create and configure this property according to your organization's needs.

More information


Attribute	Description
Configuration name	sn_g_app_creator.allow_global
Configuration type	System Properties (/sys_properties_list.do)
Data type	Boolean
Recommended value	false
Default value	false
Category	Access control
Security risk	Severity score: 3.3 CVSS score: Low Security risk details: Failing to set this property to the recommended value could allow any user with the sn_g_app_creator.app_creator role to create global applications, which does not adhere to the principle of least privilege.
Dependencies and prerequisites	None
Functional impact	Enhanced the API (/api/now/templates) to validate the create global application ACL and property.