Enforce field ACLs for inbound query requests

  • Versão de lançamento: Australia
  • Atualizado 12 de mar. de 2026
  • 1 min. de leitura

    • Manage how incoming queries are validated on your instance.

    Use the glide.export.query.enforce_field_acl property to check how incoming queries are validated on your instance. If the property is set to the recommended value of true, field ACLs are checked against incoming queries, and rejected if the user is unauthorized. If the property is set to false, ACLs are not checked against incoming queries and continue to execute which can lead to information disclosure to unauthorized parties.

    More information

    Attribute Description
    Configuration name glide.export.query.enforce_field_acl
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value false
    Category Architecture, design, and threat modeling
    Security risk
    • Severity score: 4.4
    • CVSS score: Medium
    • Security risk details: If this property is set to false, ACLs are not checked against incoming queries which can lead to information disclosure.
    Dependencies and prerequisites None