Enable contextual security plugin [Updated in Security Center 1.3]
Activate the Contextual Security Plugin (com.glide.role_management) plugin to enable contextual security, which secures a record/information using create, read, write, and delete functionality.
After it is installed and activated, the dictionary roles (created by simple security manager) are no longer tested. Instead, the ServiceNow AI Platform looks for ACL rules on fields and tables. It secures the data with the help of ACL rules instead of traditional, role-based dictionary rules implemented by simple security manager. Even if you configure the dictionary form and add roles to a dictionary entry, no change in rights occurs.
More information
| Attribute | Description |
|---|---|
| Plugin ID | com.glide.role_management |
| Configuration type | System Definition > Plugins |
| Category | Access control |
| Purpose | Unlike the simple security manager, the contextual security manager is aware of the system table hierarchy. You can potentially have different security rules for a field based on where in the hierarchy it appears. |
| Recommended value | Active |
| Default value | There is no default value as this is a plugin, not a Glide property. |
| Security risk rating | 8.1 |
| Functional impact | This remediation enforces functional level of access controls, which would let application determine the access restrictions based on ACL table alone. |
| Security risk | (High) Functional level access controls must be enforced from the server side prior to executing CRUD operations, ensuring the appropriate level of access to instance users. |
| References |