Deny unauthorized access to request items [Updated in Security Center 1.3]
The glide.sc.req_for.roles.default property defines a default behavior for the retrieveAddress API.
This property is functional only when glide.sc.req_for.roles has no values. If glide.sc.req_for.roles has values, then this property has no significance and users with only defined roles are given access to the API.
More information
| Attribute | Description |
| Property name | glide.sc.req_for.roles.default |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Access control |
| Purpose | When there are no roles given in the property, the Client Callable Script Include ScriptServiceCatalogGetLocation can be called by any unprivileged logged-in user and can retrieve the address of any other users in the system. This property protects this API to be exposed to unprivileged users. |
| Recommended value | deny |
| Default value | deny |
| Configuration type | Choicelist (allow | deny) |
| Security risk | (Moderate) If glide.sc.req_for.roles.default is not set to the recommended value of deny (allow) and the value of glide.sc.req_for.roles is empty, then any user can request items for other users allowing unauthorized resource access. |
| References | Client-callable script includes |
To learn more about adding or creating a system property, see Add a system property.