Enforce Query ACLs for Knowledge Quick Links

릴리스 버전: Australia

업데이트 날짜 2026년 03월 12일

소요 시간: 2분

Enforce query ACLs for Knowledge Quick Links using a system property.

When the com.glide.security.query_acl.enabled.knowledge_quick_links system property is set to true, query ACLs are enforced for Knowledge Quick Links. If this property is set to false, an attacker can use blind queries to enumerate and exfiltrate data due to the default behavior of GlideRecord.addEncodedQuery.

If the property doesn’t exist in the System properties [sys_properties] table, the secure default of true is used. A third option, external_and_guests enforces query ACLs only for external users and guests.

Verify that the com.glide.security.query_acl.enabled.knowledge_quick_links system property is set to true.

More information


Attribute	Description
Configuration name	com.glide.security.query_acl.enabled.knowledge_quick_links
Configuration type	System Properties (/sys_properties_list.do)
Data type	String - Used as a ternary operator
Recommended value	true
Default value	true
Fallback value	true
Category	Architecture, design, and threat modeling
Security risk	Severity score: 5.3 CVSS score: Medium Security Risk: ACLs can be bypassed, disclosing field data to users who don’t have permissions to see it. This disclosure could include sensitive data depending on the table exploited.
Functional impact	Users aren’t able to perform specific queries on fields where they don’t have field level access.
Dependencies and prerequisites	None

To learn more about adding or creating a system property, see Add a system property.