Enforce SOAP request strict security [Updated in Security Center 1.3]
Use the glide.soap.strict_security property to enforce web service security.
- Basic authentication challenge/response over the HTTP protocol and
- System level access controls in the Enable security jump start plugin (ACL Rules) [Updated in Security Center 1.3].
- Checks incoming SOAP requests for role authorization to validate whether the user has the appropriate role to perform the operation. This check occurs during SOAP web service calls/requests made against ServiceNow AI Platform tables when performing CREATE, READ, UPDATE, or DELETE operations.
- Checks the system-level ACLs while retrieving data in the form of SOAP data on the table.
- Checks the field-level ACLs for any CRUD operation performed against a field of a table.
ACL checks are only complete for standard Table API calls and not web services.
More information
| Attribute | Description |
|---|---|
| Property name | glide.soap.strict_security |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Access control |
| Default value | true |
| Recommended value | true |
| Functional impact | This remediation enforces the system-level access control while retrieving data from tables/pages in the form of SOAP data on the instance. If there are users currently accessing this data, they are restricted/allowed to access the data based on the ACL rules. For the default roles that have access to the SOAP data, see SOAP web service. |
| Security risk | (Moderate) Without appropriate authorization configured on the incoming SOAP requests, an unauthorized user can get access to sensitive content/data on the target instance. |
| References |
To learn more about adding or creating a system property, see Add a system property.
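
One way to audit this setting across instances, as an added example that is not part of the ServiceNow documentation: the sketch below builds a Table API query for the `sys_properties` record and evaluates the JSON response against the recommended value. The instance URL and sample responses are constructed, and treating a missing record as the default `true` is an assumption based on the default value listed in the table above.

```python
import json
from urllib.parse import urlencode

PROPERTY = "glide.soap.strict_security"
RECOMMENDED = "true"  # default and recommended value from the table above


def build_query_url(instance_base):
    """Table API URL that returns the property record from sys_properties."""
    params = urlencode({
        "sysparm_query": f"name={PROPERTY}",
        "sysparm_fields": "name,value",
    })
    return f"{instance_base.rstrip('/')}/api/now/table/sys_properties?{params}"


def evaluate(response_body):
    """Return (compliant, detail) for a Table API JSON response body."""
    records = json.loads(response_body).get("result", [])
    matches = [r for r in records if r.get("name") == PROPERTY]
    if not matches:
        # Assumption: with no sys_properties record, the documented default applies.
        return True, "property not defined; documented default 'true' applies"
    value = str(matches[0].get("value", "")).strip().lower()
    if value == RECOMMENDED:
        return True, "value matches recommended 'true'"
    return False, f"value is {value!r}; differs from recommended 'true'"


# Constructed sample responses in the Table API's {"result": [...]} shape.
SAMPLE_TRUE = json.dumps({"result": [{"name": PROPERTY, "value": "true"}]})
SAMPLE_FALSE = json.dumps({"result": [{"name": PROPERTY, "value": " False "}]})
SAMPLE_MISSING = json.dumps({"result": []})

if __name__ == "__main__":
    # Constructed placeholder host; send the request with an account that can read sys_properties.
    print(build_query_url("https://instance.example/"))
    for label, body in [("true", SAMPLE_TRUE), ("false", SAMPLE_FALSE),
                        ("missing", SAMPLE_MISSING)]:
        compliant, detail = evaluate(body)
        print(f"{label:8} compliant={compliant} ({detail})")
```
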