Restrict unauthenticated access to attachments
Restrict unauthenticated access to image attachments using a system property.
Use the glide.image_provider.security_enabled property to restrict unauthenticated access to image attachments. If set to true, images are visible to any authenticated user but to no unauthenticated user. If set to false, images are visible to anyone with a URL to the attachment.
Thumbnails of an attached image follow the same policy as the original image and are accessible to the same set of users.
When this property is enabled, finer-grained access control for unauthenticated users is available through entries in the Security Allow/Deny List Entities [sys_security_restricted_list] table and, for images attached to KB articles, through the declaration of public KB articles. When the property is true, these exceptions to the default policy for unauthenticated users are applied in the following order.
- If the table of an attached image or parent table of a thumbnail image is deny-listed in the Security Allow/Deny List Entities [sys_security_restricted_list] table, access is denied to the image/thumbnail.
- If the table of an attached image or parent table of a thumbnail image is allow-listed in the Security Allow/Deny List Entities [sys_security_restricted_list] table, access is granted to the image/thumbnail.
- If the table of an attached image or parent table of a thumbnail image is included in a public KB article, access is granted to the image/thumbnail.
Ensure that the property glide.image_provider.security_enabled is set to true. If the property does not exist on the System Properties [sys_properties] table, the default value is false.
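The evaluation order described above, modeled in plain JavaScript as an added example (not ServiceNow code and not part of the original page). The function names, data shapes and sample tables are assumptions made for illustration; the final deny branch reflects the stated default policy for unauthenticated users when the property is true.

```javascript
// Added illustration: a plain-JavaScript model of the documented decision order.
// It calls no ServiceNow API; every name and data shape below is hypothetical.

// Resolve the property as the page describes: absent from sys_properties means false.
function securityEnabled(sysProperties) {
  const value = sysProperties['glide.image_provider.security_enabled'];
  return value === undefined ? false : String(value).toLowerCase() === 'true';
}

// image: { table, isThumbnail, parentTable, inPublicKbArticle }
// restrictedList: { deny: [tables], allow: [tables] }, a constructed stand-in
// for entries in the sys_security_restricted_list table.
function canViewImage(user, image, sysProperties, restrictedList) {
  if (!securityEnabled(sysProperties)) {
    return { allowed: true, reason: 'property false or missing: anyone with the URL' };
  }
  if (user.authenticated) {
    return { allowed: true, reason: 'authenticated user' };
  }
  // A thumbnail is evaluated against the parent table of the original image.
  const table = image.isThumbnail ? image.parentTable : image.table;
  if (restrictedList.deny.includes(table)) {
    return { allowed: false, reason: 'table deny-listed' };
  }
  if (restrictedList.allow.includes(table)) {
    return { allowed: true, reason: 'table allow-listed' };
  }
  if (image.inPublicKbArticle) {
    return { allowed: true, reason: 'public KB article' };
  }
  return { allowed: false, reason: 'default deny for unauthenticated users' };
}

// Constructed sample data (not taken from any real instance).
const guest = { authenticated: false };
const lists = { deny: ['incident'], allow: ['incident', 'sc_cat_item'] };
const props = { 'glide.image_provider.security_enabled': 'true' };
const samples = [
  { table: 'incident', inPublicKbArticle: true },    // deny entry wins over allow and KB
  { isThumbnail: true, parentTable: 'sc_cat_item' }, // thumbnail follows its parent table
  { table: 'kb_knowledge', inPublicKbArticle: true },
  { table: 'sys_user' },                             // no exception applies
];
for (const img of samples) {
  const r = canViewImage(guest, img, props, lists);
  console.log(JSON.stringify(img), '->', r.allowed, '(' + r.reason + ')');
}
```

The first sample shows why ordering matters: a table present in both lists is denied, because the deny-list check runs first.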
More information
| Attribute | Description |
|---|---|
| Property name | glide.image_provider.security_enabled |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Access control |
| Recommended value | true |
| Default value | false |
| Fallback value | false |
| Functional impact | If the property was previously false and is then set to true, unauthenticated users can no longer access image attachments unless explicitly allowed using one of the exclusion procedures. |
| Security risk | |
| References | Administering attachments |
To learn more about adding or creating a system property, see Add a system property.