Access control rules in application administration apps

By default, when application administration is enabled for a scoped application, ACL rules for the scoped application are applied. If no ACL rules for the scoped application are found, global ACL rules can apply.

This behavior applies to configuration records created in tables that extend the Application File [sys_metadata] table only. You can also change the default behavior.

When no access control (ACL) rules for an application administration app are defined, global ACL rules can apply to the configuration records of the application administration apps. See Application files for more information.

To allow a table in an application administration app to inherit global ACL rules, check that the system property is true and add the table to the Application Administration ACL Inheritances table [sys_scoped_admin_acl_inheritance].
  • glide.security.scoped_administration.honor_global_acl system property: If no scoped ACL rules are defined, application administration apps can inherit global ACL rules. By default, this property is enabled for new and upgraded instances.
  • Application Administration ACL Inheritances [sys_scoped_admin_acl_inheritance] table: If no ACL rules for the application administration app are found, tables added to this list inherit global ACL rules. Only the administrator for the application administration app can add, remove, read the records owned by the application administration app in this configuration table.