Require AJAXGlideRecord ACL checking

  • Release version: Australia
  • Updated March 12, 2026
  • Use the glide.script.secure.ajaxgliderecord property to perform access control rule (ACL) validation when server-side records, such as tables, are accessed using GlideAjax APIs within a client script.

    The glide.script.secure.ajaxgliderecord system property toggles ACL validation for GlideAjax API calls. If glide.script.secure.ajaxgliderecord is not set to the recommended value of true, then ACL validation is not performed for GlideAjax requests.

    Ensure that the property glide.script.secure.ajaxgliderecord is set to true.

    Warning:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

    More information

    Attribute: Description
    Configuration name: glide.script.secure.ajaxgliderecord
    Configuration type: System Properties (/sys_properties_list.do)
    Data type: Boolean
    Recommended value: true
    Default value: <none>
    Fallback value: true
    Category: Access control
    Security risk:
    • Severity score: 8.1
    • CVSS rating: High
    • Security risk details: This could lead to server-side resources being accessed by users without proper authorization.
    Functional impact: This remediation enforces the ACL relationship with server-side records when requests are made using AJAXGlideRecord API calls. If the ACLs are not properly configured, then there is potential impact. For more details on the impact, and how to identify it, see Audit and review client-side GlideRecord (AJAXGlideRecord) transactions [KB0550828].
    Dependencies and prerequisites: None

    To learn more about adding or creating a system property, see Add a system property.
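
One way to check this setting across several instances, as an added example that is not ServiceNow's own code: it evaluates Table API responses for a sys_properties query filtered on the property name. The instance names and sample responses are constructed, and treating an absent row as the fallback value true is an assumption drawn from the table above.

```javascript
'use strict';
// Added example: sample data below is constructed, not from a real instance.
const PROPERTY = 'glide.script.secure.ajaxgliderecord';
const FALLBACK = 'true'; // "Fallback value" row in the table on this page

// Evaluate one Table API response for sys_properties filtered on PROPERTY.
function evaluateSetting(response) {
  if (!response || !Array.isArray(response.result)) {
    // A failed or malformed query must never be read as "property absent".
    return { effective: null, source: 'invalid response', compliant: false };
  }
  const matches = response.result.filter((row) => row.name === PROPERTY);
  if (matches.length === 0) {
    // Assumption: with no row defined, the platform applies the fallback value.
    return { effective: FALLBACK, source: 'fallback', compliant: true };
  }
  if (matches.length > 1) {
    return { effective: null, source: 'duplicate rows', compliant: false };
  }
  const raw = String(matches[0].value ?? '');
  // Conservative choice of this example: only a literal "true" passes.
  const compliant = raw.trim().toLowerCase() === 'true';
  return { effective: raw, source: 'sys_properties', compliant };
}

// Audit several instances and return only those needing remediation.
function findNonCompliant(responsesByInstance) {
  return Object.entries(responsesByInstance)
    .map(([instance, response]) => ({ instance, ...evaluateSetting(response) }))
    .filter((finding) => !finding.compliant);
}

// Constructed responses in the Table API shape {"result": [{name, value}]}.
const SAMPLE = {
  'dev (hypothetical)': { result: [{ name: PROPERTY, value: 'false' }] },
  'test (hypothetical)': { result: [] },
  'prod (hypothetical)': { result: [{ name: PROPERTY, value: 'true' }] },
  'legacy (hypothetical)': { result: [{ name: PROPERTY, value: '' }] },
};

for (const finding of findNonCompliant(SAMPLE)) {
  console.log(`${finding.instance}: value=${JSON.stringify(finding.effective)} ` +
    '-> ACL validation not enforced for GlideAjax requests; review KB0550828, ' +
    'then set to true (the change cannot be reverted)');
}
```

Because the property is non-revertible, run the audit described in KB0550828 on each flagged instance before changing the value.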