Enforce field ACLs for inbound query requests
Manage how incoming queries are validated on your instance.
Use the glide.export.query.enforce_field_acl property to control whether field-level ACLs are enforced on the fields referenced in an inbound query requests. When set to true, field ACLs are checked against fields used in the incoming query, and the query is rejected if the user is unauthorized to access those fields. When set to false, field ACLs are not checked on query conditions, and the query executes regardless of field-level access restrictions.
This property applies only to field ACL enforcement on query conditions. Setting this property to false does not affect whether users can read field values they are not otherwise authorized to view. Field-level read ACLs remain enforced regardless of this setting.
Set the property glide.export.query.enforce_field_acl to true.
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.export.query.enforce_field_acl |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | Boolean |
| Recommended value | true |
| Default value | <none> |
| Fallback value | false |
| Category | Architecture, design, and threat modeling |
| Security risk |
|
| Dependencies and prerequisites | None |