Restrict access to emails with empty target table

Release version: Australia

Updated March 12, 2026

1 minute to read

Activate the glide.email.email_with_no_target_visible_to_all property to restrict user access to emails, unless they were the one who sent the email or have an admin role.

If the glide.email.email_with_no_target_visible_to_all system property isn't set to the recommended value of false, then low level users will have access to emails which are not their own.

Ensure that the property glide.email.email_with_no_target_visible_to_all is set to false.

More information


Attribute	Description
Configuration name	glide.email.email_with_no_target_visible_to_all
Configuration type	System Properties (/sys_properties_list.do)
Data type	Boolean
Recommended value	false
Default value	<none>
Fallback value	false
Category	Access control
Security risk	Severity score: 6.5 CVSS rating: Medium Security risk details: Emails that lack a specific target record may become visible to all users, resulting in unauthorized access to potentially sensitive communication and violating principles of least privilege and data confidentiality.
Functional impact	Users are no longer able to see emails where target table is empty unless they are an admin or were the sender of the email.
Dependencies and prerequisites	None