Enable ACLs for Encoded Query in Simple List Widget
Learn how to set the glide.service_portal.enable_acls_for_encoded_query_in_list property to the secure value to prevent users from bypassing access control list (ACL) evaluations on a query condition in the Simple List Widget.
When the glide.service_portal.enable_acls_for_encoded_query_in_list system property is not set to true, a user may be able to bypass ACLs evaluation on a query condition in Simple List Widget.
Ensure that the glide property glide.service_portal.enable_acls_for_encoded_query_in_list is set to true. If the property does not exist in the System Properties [sys_properties] table, the default value is true.
More information
| Attribute | Description |
|---|---|
| Configuration name | com.glide.script.fencing.cross_scope_access.shared_table_support |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | string |
| Recommended value | true |
| Default value | true |
| Fallback value | |
| Category | Access control |
| Security risk |
|
| Dependencies and prerequisites | None |
| Functional impact | The Simple List Widget may not display any data depending on the user's role and the underlying ACLs. Additionally, users might encounter security warnings if the Simple List query contains filter conditions with properties that are not accessible to the current user. |