Use of secure insert multiple operation within import set API [New in Security Center 1.3]

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • Use the com.glide.import_set_api.insert_multiple_optimize property to control whether GlideRecordSecure or GlideRecord is used for the Insert Multiple operation within the Import Set API.

    If com.glide.import_set_api.insert_multiple_optimize is set to the recommended value of false, then GlideRecordSecure will be used to insert records, and table-level access control lists (ACLs) will be evaluated. If this property is set to true, GlideRecord will be used to insert records, and table-level ACLs will not be evaluated; In addition, you must ensure that Import Set API Insert Multiple REST Endpoint ACL (sys_id: 3101b770ff2211105cf343d0653bf182) is active and that users have the role, import_transformer.

    More information

    Attribute Description
    Configuration name com.glide.import_set_api.insert_multiple_optimize
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value false
    Default value false
    Category Access control
    Security risk
    • Severity score: 6.5
    • CVSS score: Medium
    • Security risk details: If this property is not set to false, a low-privileged user could insert data into tables outside the scope of their privileged roles.
    Revertible behavior Both safe override and No DB Override.
    Dependencies and prerequisites None
    Functional impact This property optimizes the performance of Import Set API by using GlideRecord to save data. When the parameter is set, it requires an integration user to have the import_transformer role to access the API.
    References https://developer.servicenow.com/blog.do?p=/post/gliderecord-vs-gliderecordsecure