Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Apply ACLs to AJAXGlideRecord (client-side Glide record)

Log in to subscribe to topics and get notified when content changes.

Apply ACLs to AJAXGlideRecord (client-side Glide record)

From within client scripts, it is possible to query arbitrary data from the server via the AJAXGlideRecord (renamed GlideAjax) API, by using syntax similar to a server-side glide record. This is an extremely powerful and useful tool in many deployments. You can set a system property to perform ACL validation when server-side records (for example, tables) are accessed using GlideAjax APIs within a client script.

If you choose to apply access control lists (ACL) to GlideAjax API calls, then you can only query data to which the currently connected user has rights to access. For example, if the user is logged in as an ESS user who has no rights to read the cmn_location table, then any GlideAjax API call by the user will fail.

If you run the system without an ACL checking on GlideAjax calls, then the API can return information that the currently logged in user could not otherwise access via the UI.
Note: Set this property in System Properties > Security.
Property Default

Apply standard security ACLs to AJAXGlideRecord calls

ACL checking enforced