Restrict write access on system fields to admin users [New in Security Center 7.0]

Rversion finale: Australia

Mis à jour 12 mars 2026

1 minute de lecture

Use the glide.rest.table_api.admin_only_sys_fields system property to control write access the fields generated by the system.

The glide.rest.table_api.admin_only_sys_fields property controls write access to these fields:

sys_id
sys_created_by
sys_created_on
sys_updated_by
sys_updated_on

When this property is set to true, only an admin can write to these fields that are system-generated values. When the property is set to false or it doesn't exist in the System Properties [sys_properties] table, users who have create or write access to a table can write to these system values using the Table API.

Set the property glide.rest.table_api.admin_only_sys_fields to true to prevent non-admin users from updating system fields on records.

More information


Attribute	Description
Configuration name	glide.rest.table_api.admin_only_sys_fields
Configuration type	System Properties (/sys_properties_list.do)
Data type	Boolean
Recommended value	true
Default value	false
Fallback value	false
Category	Access control
Security risk	Severity score: 2.7 CVSS score: Low Users without the admin role could update fields such as sys_created_by or sys_updated_on. This access can impact the integrity of the created or updated record metadata, making records appear as if they were created by another user or updated at a different time.
Functional impact	Any integrations or users without the admin role that use the Table API to create or update records and change these fields are impacted. These requests to the Table API set the query parameter sysparm_suppress_auto_sys_field to false and set those fields in the request body.
Dependencies and prerequisites	None

To learn more about adding or creating a system property, see Add a system property.