Prevent Empty ACL Creation [New in Security Center 2.0]
Set the glide.security.empty_acl.popup_window.enabled property to the secure value of true to block attempts to create, update, or save an invalid ACL. This setting will also provide a client-side model to configure a role or security attribute for the ACL.
The glide.security.empty_acl.popup_window.enabled property determines whether users making form-based edits to access control lists (ACLs), specifically sys_security_acl, can create, update, or save an invalid ACL that has an invalid data condition, script, security attribute, or roles list. Otherwise, it remains unconfigured (an empty ACL). As of the Xanadu release, any empty ACL will deny access. In ServiceNow versions prior to Xanadu, an empty ACL will permit unconditional access.
When the glide.security.empty_acl.popup_window.enabled property is set to the secure value of true, it blocks attempts to create, update, or save an invalid or empty ACL, and provides a client-side model to configure a role or security attribute for the ACL. If the property is set to the unsecure value of false, then such attempts will be permitted, and no client-side model will be displayed.
Note: This property is case-sensitive. For example, a value of True (capital "T") will be evaluated as false. Moreover, this property only functions when the High Security (com.glide.high_security) plugin is installed and active.
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.security.empty_acl.popup_window.enabled |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | string |
| Recommended value | true |
| Default value | true |
| Category | Validation, sanitization, and encoding |
| Security risk |
|
| Dependencies and prerequisites | None |
| Functional impact | This property allows the user to toggle the empty ACL warning popup on and off. |
| References | Prevent Empty ACL Creation [New in Security Center 2.0] |