Enforce Security Scope for Agent Workspace for HR Case Management [New in Security Center 1.5 and updated in 2.0]
Configure the Agent Workspace for HR Case Management plugin so that data in scope master tables can only be accessed by users with the correct permissions, enforcing the principle of least privilege.
When the glide.enforce_security_scope.sn_hr_agent_ws plugin is configured to the recommended value of true, then only the access control lists (ACLs) within the Agent Workspace for HR Case Management plugin are used to determine access to a resource. When this setting is set to false, then Agent Workspace for HR Case Management data in scope master tables are exposed because the ACLs from all scopes are granted access.For example, an IT Administrator can access Agent Workspace for HR Case Management data when this setting is set to false. To prevent this from happening, set glide.enforce_security_scope.sn_hr_agent_ws to the recommended value of true which ensures that the principle of least privilege exists as users can only access resources they have permission to.
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.enforce_security_scope.sn_hr_agent_ws |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | Boolean |
| Recommended value | true |
| Default value | true |
| Category | Access control |
| Security risk |
|
| Dependencies and prerequisites | Agent Workspace for HR Case Management |
| Functional impact | Configuring this setting to true will enforce global ACLs to be executed for a table, if scoped ACLs do not exist for it. |
| References |