Enforce application specific ACLs only for application data

  • Release version: Australia
  • Updated: March 12, 2026
  • Reading time: 9 minutes
  • Avoid unauthorized or undesired access to application data by enforcing application-specific access control lists (ACLs) only for application data.

    Control the behavior of application data residing in primary tables outside the application. When these properties have a value of true, only the application-specific ACLs are evaluated for access to the application data residing in these tables. Not all applications are designed to work in this configuration or use a System Property [sys_properties] record for this purpose.

    These system properties use the glide.enforce_security_scope.<scope> naming format. For example, use the glide.enforce_security_scope.sn_hr_sp property for the Employee Center Core (sn_hr_sp) scope. The following application scopes contain this property:
    • sn_doc
    • sn_egd_act
    • sn_egd_core
    • sn_egd_goals
    • sn_em
    • sn_gsm
    • sn_gsm_info_req
    • sn_gsm_lic_prmt
    • sn_gsm_lic_prmt_ex
    • sn_gsm_soc_bnfts
    • sn_hc_professional
    • sn_hr_agent_ws
    • sn_hr_ai_agents
    • sn_hr_awa
    • sn_hr_core
    • sn_hr_ef
    • sn_hr_er
    • sn_hr_gen_ai
    • sn_hr_hc
    • sn_hr_le
    • sn_hr_le_ent
    • sn_hr_mii_base
    • sn_hr_na_galileo
    • sn_hr_pad
    • sn_hr_pj
    • sn_hr_sp
    • sn_hr_va
    • sn_hr_ws
    • sn_imt_health_test
    • sn_imt_tracing
    • sn_imt_vaccine
    • sn_ja
    • sn_jny
    • sn_lg_contracts
    • sn_lg_matter
    • sn_lg_ops
    • sn_opp_market
    • sn_professional
    • sn_svc_appl_info
    • sn_svc_appl_pgm_mg
    • sn_talent_aia
    • sn_uni_req
    • sn_uni_task
    • sn_egd_lh
    • sn_ecn
    • sn_ni_core
    • sn_hr_voice_aia

    For each installed application that has a glide.enforce_security_scope property in the System Properties [sys_properties] table (for example, glide.enforce_security_scope.sn_hr_core), ensure the property value is set to true.

    Note:
    These properties can only be modified by the scoped administrator for the specific application. If a sys_properties record does not exist for the given application and respective property, it must be created.
    Use this script to find which properties need to be updated or created on the instance:
    var properties = [
            'glide.enforce_security_scope.sn_uni_task',
            'glide.enforce_security_scope.sn_uni_req',
            'glide.enforce_security_scope.sn_svc_appl_info',
            'glide.enforce_security_scope.sn_professional',
            'glide.enforce_security_scope.sn_opp_market',
            'glide.enforce_security_scope.sn_lg_ops',
            'glide.enforce_security_scope.sn_lg_matter',
            'glide.enforce_security_scope.sn_lg_contracts',
            'glide.enforce_security_scope.sn_jny',
            'glide.enforce_security_scope.sn_ja',
            'glide.enforce_security_scope.sn_imt_vaccine',
            'glide.enforce_security_scope.sn_imt_tracing',
            'glide.enforce_security_scope.sn_imt_health_test',
            'glide.enforce_security_scope.sn_hr_ws',
            'glide.enforce_security_scope.sn_hr_va',
            'glide.enforce_security_scope.sn_hr_sp',
            'glide.enforce_security_scope.sn_hr_pj',
            'glide.enforce_security_scope.sn_hr_pad',
            'glide.enforce_security_scope.sn_hr_mii_base',
            'glide.enforce_security_scope.sn_hr_le',
            'glide.enforce_security_scope.sn_hr_le_ent',
            'glide.enforce_security_scope.sn_hr_hc',
            'glide.enforce_security_scope.sn_hr_gen_ai',
            'glide.enforce_security_scope.sn_hr_er',
            'glide.enforce_security_scope.sn_hr_ef',
            'glide.enforce_security_scope.sn_hr_core',
            'glide.enforce_security_scope.sn_hr_awa',
            'glide.enforce_security_scope.sn_hr_agent_ws',
            'glide.enforce_security_scope.sn_hc_professional',
            'glide.enforce_security_scope.sn_gsm_soc_bnfts',
            'glide.enforce_security_scope.sn_gsm_lic_prmt_ex',
            'glide.enforce_security_scope.sn_gsm_lic_prmt',
            'glide.enforce_security_scope.sn_gsm_info_req',
            'glide.enforce_security_scope.sn_gsm',
            'glide.enforce_security_scope.sn_em',
            'glide.enforce_security_scope.sn_egd_goals',
            'glide.enforce_security_scope.sn_egd_core',
            'glide.enforce_security_scope.sn_egd_act',
            'glide.enforce_security_scope.sn_doc',
            'glide.enforce_security_scope.sn_talent_aia',
            'glide.enforce_security_scope.sn_hr_na_galileo',
            'glide.enforce_security_scope.sn_svc_appl_pgm_mg',
            'glide.enforce_security_scope.sn_hr_ai_agents',
            'glide.enforce_security_scope.sn_egd_lh',
            'glide.enforce_security_scope.sn_ecn',
            'glide.enforce_security_scope.sn_ni_core',
            'glide.enforce_security_scope.sn_hr_voice_aia',
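    ];

    var pm = new GlidePluginManager();

    for (var i = 0; i < properties.length; i++) {
        var property = properties[i];
        // The third dot-separated segment of the property name is the application scope.
        var application = property.split('.')[2];
        // A property with no sys_properties record is treated as 'false'.
        var propertyValue = gs.getProperty(property, 'false');

        // Print the property when the application is active and its value is not true.
        if (pm.isActive(application) && propertyValue.toLowerCase() != 'true') {
            gs.print(property);
        }
    }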
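
An added example (not ServiceNow's script): an offline version of the same check that also separates properties needing a new sys_properties record from those whose existing record must be changed, as the note above distinguishes. The function name, the {name, value} record shape and the sample data are assumptions constructed for illustration; real input would come from an export of sys_properties and the instance's list of active scopes.

```javascript
// Added example: classifyScopes, the {name, value} record shape and the
// sample data below are constructed for illustration, not ServiceNow API.
const PREFIX = 'glide.enforce_security_scope.';

// For each scope decide what the instance needs:
//   skip   - application not active, nothing to enforce
//   create - active, but no sys_properties record exists
//   update - record exists with a value other than true
//   ok     - record exists and is true
function classifyScopes(scopes, activeScopes, sysProperties) {
  const active = new Set(activeScopes);
  const byName = new Map(sysProperties.map((r) => [r.name, r.value]));
  return scopes.map((scope) => {
    const name = PREFIX + scope;
    if (!active.has(scope)) return { name, action: 'skip' };
    if (!byName.has(name)) return { name, action: 'create' };
    // Case-insensitive match on 'true', as in the page's script;
    // surrounding whitespace in an exported value is trimmed as well.
    const value = String(byName.get(name) || '').trim().toLowerCase();
    return { name, action: value === 'true' ? 'ok' : 'update' };
  });
}

// Constructed sample: four scopes from the list above, three of them active.
const scopes = ['sn_hr_core', 'sn_hr_sp', 'sn_lg_ops', 'sn_doc'];
const activeScopes = ['sn_hr_core', 'sn_hr_sp', 'sn_lg_ops'];
const sysProperties = [
  { name: PREFIX + 'sn_hr_core', value: 'TRUE' },
  { name: PREFIX + 'sn_hr_sp', value: 'false' },
];

// Only the entries an administrator has to act on.
function findings() {
  return classifyScopes(scopes, activeScopes, sysProperties)
    .filter((r) => r.action === 'create' || r.action === 'update');
}

for (const f of findings()) console.log(f.action + '\t' + f.name);
```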

    More information

    Attribute                       Description
    Configuration name              glide.enforce_security_scope.<scope>
    Configuration type              System Properties (/sys_properties_list.do)
    Data type                       Boolean
    Recommended value               true
    Default value                   true
    Category                        Access control
    Security risk                   • Severity score: 4.1
                                    • CVSS score: Medium
                                    • Security risk details: When these properties don’t have a value of true, the ACLs on the primary table are still evaluated for access, potentially allowing unauthorized or undesired access to application data.
    Dependencies and prerequisites  None

    To learn more about adding or creating a system property, see Add a system property.