Read-only role
-
- UpdatedFeb 2, 2023
- 3 minutes to read
- Utah
- User Administration
The read-only role (snc_read_only) restricts a user or a group of users to read-only access on the tables to which the user already has access.
This role is not intended to be the only role a user has. It is intended to be an extra role to restrict insert, update, and delete operations on the tables that the user can access as defined by the other roles.
After you assign this role to a user, they can no longer create, update, or delete records on ANY tables.
The snc_read_only role can be assigned to any user to limit access to data without having to create ACLs for system tables, custom tables and fields. This practice is useful for performing internal or external audits without allowing a user to have insert or update access to data.
- Cannot insert, update, or delete records from the UI or when using the GlideRecord API.
- Cannot activate or upgrade plugins.
- Cannot directly run SQL.
- Cannot upload XML files.
- Can only run background scripts when on an instance in the public sandbox environment.
Activate the read-only role
If it is not already active, an administrator can activate the Read-Only User Role (com.snc.read_only.role) plugin.
Before you begin
Role required: admin
Procedure
Read-only role properties
These system properties control the snc_read_only role. The following default values are used for the properties.
Name | Description |
---|---|
glide.security.snc_read_only_role.tables.exempt_create | |
Specifies which tables are exempt from the read-only role enforcement and allow the creation of new records.
|
|
glide.security.snc_read_only_role.tables.exempt_write | |
Specifies which tables are exempt from the read-only role enforcement and allow the updating of existing records.
|
|
glide.security.snc_read_only_role.tables.exempt_delete | |
Specifies which tables are exempt from the read-only role enforcement and allow the deletion of existing records.
|
After you configure these properties, assign the read-only role as needed. When users log in, they are restricted from creating, updating, or deleting records on ANY tables unless you modified these properties.