Configuring read-only security options

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuring Read-Only Security Options

    This guide provides instructions on configuring read-only fields within ServiceNow, allowing organizations to control editing permissions as per their security and usability requirements. Read-only fields are designed to limit modifications in specific scenarios, and the system offers several configurable options to tailor their behavior.

    Show full answer Show less

    Key Features

    • Read-Only Options: You can select from various options to determine how read-only fields behave:
      • Instance Configured: Default for fields created before the Australia release, allowing testing of read-only behavior in non-production instances.
      • Display Read Only: Shows the field as read-only in the UI but permits changes via client scripts and server-side operations.
      • Client Script Modifiable: Displays the field as read-only in the UI, allowing modifications via client scripts only.
      • Strict Read Only: Prevents any changes from both client scripts and server-side APIs, ensuring maximum security.
    • Testing Read-Only Behavior: Use a non-production instance to test and validate the behavior of read-only fields by adjusting the glide.readonly.legacyreadonlybehavior system property.

    Key Outcomes

    By configuring read-only options, ServiceNow customers can ensure proper control over field modifications, enhancing security while accommodating necessary usability. Testing configurations in non-production environments helps verify that customizations and client scripts function as intended before deployment into production.

    Control the ability to edit read-only fields by configuring read-only options.

    Read-only fields are intended to restrict modifications in specific situations. In addition, the system provides configurable read-only options that enable you to customize the behavior of read-only fields according to your requirements, while balancing usability and security. You can adjust the read-only behavior by updating the Read only option field in a dictionary record.

    Available read-only options

    Instance Configured
    Default Read only option value for read-only fields created prior to the Australia release. Used for maintaining backwards compatibility and testing read-only behavior in non-production instances.

    When the Read only option is set to Instance Configured in a dictionary record, read-only behavior is derived from the glide.read_only.legacy_read_only_behavior system property. By default, the property is set to client_script_modifiable, which honors the pre Australia read-only behavior, allowing changes to read-only fields through client scripts.

    Display Read Only
    Displays the field as read-only in the UI, but allows changes to the read-only field through client scripts and server-side operations such as TableAPI, GraphQL, and GlideRecordSecure().
    Client Script Modifiable
    Displays the field as read-only in the UI, and allows changes to read-only fields through client scripts but not through background scripts or server-side APIs like TableAPI, GraphQL, and GlideRecordSecure().
    Strict read only
    Displays the field as read-only in the UI, but prevents any changes from both client scripts and server-side APIs.

    Testing read-only behavior

    The Instance Configured read-only option maintains backwards compatibility for read-only fields created prior to the Australia release, and also enables you to test other read-only options on a non-production instance before implementing them on your production instance.

    When the Read only option is set to Instance Configured, read-only behavior is determined by the glide.read_only.legacy_read_only_behavior system property. The default value for the glide.read_only.legacy_read_only_behavior system property is client_script_modifiable, which means the field appears as read-only in the UI, but can still be changed by a client script.

    You can test read-only behavior on a non-production instance by updating the system property with the following values and then validating that your fields and client scripts work as expected.

    • display_read_only
    • client_script_modifiable
    • strict_read_only
    Important:
    The glide.read_only.legacy_read_only_behavior system property is only intended for testing read-only behavior on non-production instances. Updating this property affects all fields where the Read only option field is set to Instance Configured.

    For example, to verify that tighter security controls still work with your client scripts and other customizations, you can set the glide.read_only.legacy_read_only_behavior property to strict_read_only in a non-production instance, and then test the behavior. After you verify the behavior in a non-production instance, you can update individual fields on your production instance to use the Strict Read Only option on a field-by-field basis.