Apply ACLs to AJAXGlideRecord (client side Glide record)

From within client scripts, it is possible to query arbitrary data from the server via the AJAXGlideRecord (renamed to GlideAjax) API, by using a syntax similar to a server-side glide record. This is an extremely powerful and useful tool in many deployments.

If you choose to apply access control lists (ACL) to GlideAjax API calls, then you can only query data to which the currently connected user has rights to access. For example, if the user is logged in as an ESS user who has no rights to read the cmn_location table, then any GlideAjax API call on his behalf would fail.

If you run the system without an ACL checking on GlideAjax calls, then the API can return information that the currently logged in user could not otherwise access via the UI.

Property Default

Apply standard security ACLs to AJAXGlideRecord calls

ACL checking enforced