Enforce scoped ACL access for information request playbooks [New in Security Center 1.3 and updated in 1.5]

  • Release version: Yokohama
  • Updated January 30, 2025
  • 1 minute to read

    • Use the glide.enforce_security_scope.sn_gsm_info_req property to control access to playbook data for the Information Request playbooks feature.

    The Information Request Playbook application enables public sector end users to submit and track public record requests and provides government agents with a pre-defined process for handling and resolving these requests. If glide.enforce_security_scope.sn_gsm_info_req is not set to true, unexpected access could be granted to playbook data for the Information Request playbooks application. Set this property to true to only consider ACLs from the sn_gsm_info_req scope when granting access.

    More information

    Attribute Description
    Configuration name glide.enforce_security_scope.sn_gsm_info_req
    Configuration type System Properties (/sys_properties_list.do)
    Data type boolean
    Recommended value true
    Default value true
    Category Access control
    Security risk
    • Severity score: 4.3
    • CVSS score: Medium
    • Security risk details: If this property is set to false, then ACLs from all scopes are considered when granting access to playbook data in the scope master table. This would expose information request playbook data.
    Dependencies and prerequisites None
    References