Default deny property

Activating the High Security plugin creates the glide.sm.default_mode security property, which controls the security manager default behavior when the only matching ACL rules are the wildcard table ACL rules.

The High Security application also includes a set of wildcard table ACL rules for the most common record-based operations: read, write, create, and delete as well as a significant number of ACLs to provide role-based access to system tables. For example, there are ACLs that grant sys_script access to the business_rule_admin role because that role is documented as being able to manage business rules.

The choices for the glide.sm.default_mode property are:

  • Deny Access: The wildcard table ACL rules restrict the read, write, create, and delete operations on all tables unless the user has the admin role or meets the requirements of another table ACL rule. Other operations, such as report_on and personalize_choices, are unaffected by this setting.
  • Allow Access: The wildcard table ACL rules allow the read, write, create, and delete operations on all tables unless there are specific table ACL rules in place to restrict such operations.
Note: By default, the wildcard table ACL rules are the only ACL rules that check for the value of the glide.sm.default_mode property. If you want to control other operations with this setting, create your own ACL rules to check for this property value.