Configure Service Portal Widgets Allow List

  • Release version: Australia
  • Updated March 12, 2026
  • Learn how to configure the glide.service_portal.widget.allow_list property securely so that the access control lists (ACLs) for the tables do not expose sensitive information.

    The glide.service_portal.widget.allow_list system property lists the widgets that are allowed to attempt to access any table on the instance. ACLs for those tables are still enforced. If tables on the instance have misconfigured empty ACLs, widgets in this list may allow access to those tables, leading to information disclosure. This property is only enforced if the widget makes use of SNCACLWidgetUtil and the glide.service_portal.widget.enforce_public_check property is set to true.

    Ensure that the glide.service_portal.widget.allow_list system property has an empty value or does not exist.

    More information

    | Attribute | Description |
    |---|---|
    | Configuration name | glide.service_portal.widget.allow_list |
    | Configuration type | System Properties (/sys_properties_list.do) |
    | Data type | String |
    | Recommended value | <empty> |
    | Default value | <none> |
    | Fallback value | <empty> |
    | Category | Access control |
    | Security risk | Severity score: 3.7; CVSS score: Low; Security risk details: Unauthenticated users may gain unintended access to sensitive table data via Service Portal widgets, resulting in potential information disclosure. |
    | Dependencies and prerequisites | For the glide.service_portal.widget.allow_list setting to be applicable, the glide.service_portal.widget.enforce_public_check property must be set to true. |
    | Functional impact | This property enables customers to access any table information if the widget is set to public and is included in the property's value. |
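
One way to audit the two properties described above, as an added example that is not ServiceNow's own code. It assumes the allow list is a comma-separated string of widget identifiers; `auditWidgetAllowList` and `sampleProperties` are hypothetical helper names, and the property lookup is passed in so the same logic runs in Scripts - Background (via `gs.getProperty`) or offline against constructed values.

```javascript
// Added example: audit of the two properties named on this page.
// Assumption: the allow list is a comma-separated string of widget identifiers.
var ALLOW_LIST = 'glide.service_portal.widget.allow_list';
var ENFORCE_CHECK = 'glide.service_portal.widget.enforce_public_check';

// getProperty: function(name) -> string, or null when the property does not exist.
function auditWidgetAllowList(getProperty) {
    var raw = getProperty(ALLOW_LIST);
    var enforce = String(getProperty(ENFORCE_CHECK)).trim().toLowerCase() === 'true';

    // Split into entries, dropping blanks so that "" or " , " counts as empty.
    var widgets = (raw === null || raw === undefined ? '' : String(raw))
        .split(',')
        .map(function (w) { return w.trim(); })
        .filter(function (w) { return w.length > 0; });

    var result = { compliant: widgets.length === 0, enforced: enforce, widgets: widgets, message: '' };
    if (result.compliant) {
        result.message = ALLOW_LIST + ' is empty or absent (recommended).';
    } else if (enforce) {
        result.message = widgets.length + ' widget(s) may attempt access to any table; ' +
            'review table ACLs or clear ' + ALLOW_LIST + ': ' + widgets.join(', ');
    } else {
        result.message = ALLOW_LIST + ' is set but ' + ENFORCE_CHECK +
            ' is not true, so the list is not applied; clear it anyway: ' + widgets.join(', ');
    }
    return result;
}

// On an instance (Scripts - Background), use the platform's property lookup.
if (typeof gs !== 'undefined') {
    gs.info(auditWidgetAllowList(function (name) { return gs.getProperty(name); }).message);
}

// Constructed sample values for running outside an instance.
function sampleProperties(values) {
    return function (name) {
        return Object.prototype.hasOwnProperty.call(values, name) ? values[name] : null;
    };
}
```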