Use the glide.sm.default_mode property to control the default behavior of security manager when it finds that existing Access Control List (ACL) rules are a part of wildcard table ACL rules.

Prevent your instance's legacy security manager from allowing access to resources when there are no ACLs defined for that resource, or if there are only wildcard table-level ACLs (for example, incident.*). When allowed access by default, anything that does not have explicit ACLs set is susceptible to manipulation.

Set the glide.sm.default_mode system property value to deny to disallow access when there are no define ACL rules, or there are only wildcard table-level ACLs.

Warning: This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

More information

AttributeDescription
Property name glide.sm.default_mode
Configuration type System Properties (/sys_properties_list.do)
Category Architecture, design, and threat modeling
Purpose Best security practice would be to restrict an Access to the tables by an unauthorized user.
  • If there are no ACL rules in place for tables, this property ensures that at least wildcard ACLs are validated for any CRUD operation performed on the table/field.
  • These rules restrict the read, write, create, and delete operations on all tables, unless the user has the admin role or meets the requirements of another table ACL rule.
Recommended value deny
Functional ImpactIf you set this property to Allow, the wildcard table ACL rules allow CRUD operations on all tables unless there are specific table ACL rules in place to restrict such operations.
Note: This plugin is not intended for existing instances, as it might modify security access to tables that are already in use in a production environment.
Security risk 6.3
References Default deny property

To learn more about adding or creating a system property, see Add a system property.