Deny unauthorized access to request items

Release version: Australia

Updated March 12, 2026

1 minute to read

The glide.sc.req_for.roles.default property defines a default behavior for the retrieveAddress API.

The glide.sc.req_for.roles.default system property defines a default behavior for the retrieveAddress API. When there are no roles given in the glide.sc.req_for.roles property, the client callable script include ScriptServiceCatalogGetLocation can be called by any unprivileged logged-in user and can retrieve the address of any other users in the system.

Ensure that the property glide.sc.req_for.roles.default is set to deny.

More information


Attribute	Description
Configuration name	glide.sc.req_for.roles.default
Configuration type	System Properties (/sys_properties_list.do)
Data type	String
Recommended value	deny
Default value	<none>
Fallback value	deny
Category	Access control
Security risk	Severity score: 4.2 CVSS rating: Medium Security risk details: If glide.sc.req_for.roles.default is not set to the recommended value of `deny` and the value of glide.sc.req_for.roles is empty, then any user can request items for other users allowing unauthorized resource access.
Functional impact	None
Dependencies and prerequisites	None