Configure Service Portal Widgets Table Allow List

Release version: Australia

Updated March 12, 2026

1 minute to read

Learn how the glide.service_portal.widget.table_allow_list property enhances security by listing tables accessible to unauthenticated users through Service Portal widgets, dependent on additional checks and specific glide property settings.

The glide.service_portal.widget.table_allow_list property contains the list of tables allowed to be accessed by unauthenticated users through Service Portal widgets that make use of the additional security checks provided in the SNCACLWidgetUtil script include. This property is only enforced if the Glide Property The glide.service_portal.widget.table_allow_list property is true. There may be unauthenticated information disclosure if unnecessary tables are listed in this property. Table ACLs will still be evaluated as previously occurred.

Ensure that the glide.service_portal.widget.table_allow_list property is empty, or the list is restricted to the smallest number of tables with use cases for unauthenticated access.

More information


Attribute	Description
Configuration name	glide.service_portal.widget.table_allow_list
Configuration type	System Properties (/sys_properties_list.do)
Data type	String
Recommended value	<empty>
Default value	<none>
Fallback value	<empty>
Category	Access control
Security risk	Severity score: 3.7 CVSS rating: Low Security risk details: Unauthenticated users may gain access to sensitive data through Service Portal widgets, potentially leading to information disclosure despite existing table ACLs.
Functional impact	The table list controls access to the tables from which the widget is allowed to retrieve data.
Dependencies and prerequisites	The glide.service_portal.widget.enforce_public_check property must be set to true for the glide.service_portal.widget.table_allow_list setting to take effect.