Default deny (instance security hardening)

Use the glide.sm.default_mode property to control the default behavior of security manager when it finds that existing ACL rules are a part of wildcard table ACL rules.

When the High Security Settings (com.glide.high_security) plugin is activated during initial instance installation, it creates this property, and wildcard ACL rules come into existence. To provide role-based access to system tables, these rules control a significant number of ACLs and most common record-based operations:

Read
Write
Create
Delete

Unless you use the High Security plugin with default deny option enabled, many tables are not protected. The Now Platform uses a default deny security model that prevents non-administrator users from accessing objects unless they meet a matching ACL rule. Using this model, it removes many attack vectors, such as insecure scripts.

More information


Attribute	Description
Property name	glide.sm.default_mode
Configuration type	System Properties (/sys_properties_list.do)
Configure in Instance Security Center	Yes
Purpose	Best security practice would be to restrict an Access to the tables by an unauthorized user. If there are no ACL rules in place for tables, this property ensures that at least wildcard ACLs are validated for any CRUD operation performed on the table/field. These rules restrict the read, write, create, and delete operations on all tables, unless the user has the admin role or meets the requirements of another table ACL rule.
Recommended value	deny
Functional impact	(High) If you set this property to Allow, the wildcard table ACL rules allow CRUD operations on all tables unless there are specific table ACL rules in place to restrict such operations. Note: This plugin is not intended for existing instances, as it might modify security access to tables that are already in use in a production environment.
Security risk	(High) Non-administrator users can access objects that match the wildcard table ACL rules.
References	Default deny property

To learn more about adding or creating a system property, see Add a system property.

Default deny (instance security hardening)

Use the glide.sm.default_mode property to control the default behavior of security manager when it finds that existing ACL rules are a part of wildcard table ACL rules.

Read
Write
Create
Delete

More information


Attribute	Description
Property name	glide.sm.default_mode
Configuration type	System Properties (/sys_properties_list.do)
Configure in Instance Security Center	Yes
Purpose	Best security practice would be to restrict an Access to the tables by an unauthorized user. If there are no ACL rules in place for tables, this property ensures that at least wildcard ACLs are validated for any CRUD operation performed on the table/field. These rules restrict the read, write, create, and delete operations on all tables, unless the user has the admin role or meets the requirements of another table ACL rule.
Recommended value	deny
Functional impact	(High) If you set this property to Allow, the wildcard table ACL rules allow CRUD operations on all tables unless there are specific table ACL rules in place to restrict such operations. Note: This plugin is not intended for existing instances, as it might modify security access to tables that are already in use in a production environment.
Security risk	(High) Non-administrator users can access objects that match the wildcard table ACL rules.
References	Default deny property

To learn more about adding or creating a system property, see Add a system property.

How search works:

Topics are ranked in search results by how closely they match your search terms

Default deny

Default deny (instance security hardening)

More information

On this page

Default deny

Default deny (instance security hardening)

More information

Log in to personalize your search results and subscribe to topics