Scripting and access controls

The majority of JavaScript code that runs on the server, such as in Business Rules and workflows, is unaffected by contextual security. When GlideRecord accesses the database, it does so without regard for any security rules. The majority of the time, this is what you want: a UI Action script can change the state of a read-only field. This means that it is the scriptwriter's responsibility to ensure that a user cannot do something that they shouldn't. Use the canRead and canWrite functions of GlideRecord to check whether the logged-in user has the correct privileges to access the data.
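The following sketch is an added example, not code from the book. It contrasts a script that writes through GlideRecord without any check with one that calls canWrite and canRead first. The function names, the `state` field and `FakeGlideRecord` (a constructed stand-in so the sketch runs outside an instance) are assumptions; on an instance you would pass a real GlideRecord that has already been loaded.

```javascript
// Constructed stand-in for a loaded GlideRecord. The acl argument plays the
// part of the platform's access controls for the logged-in user.
class FakeGlideRecord {
  constructor(row, acl) { this.row = row; this.acl = acl; this.saved = false; }
  canRead() { return this.acl.read; }
  canWrite() { return this.acl.write; }
  getValue(field) { return this.row[field]; }
  setValue(field, value) { this.row[field] = value; }
  update() { this.saved = true; return this.row.sys_id; }
}

// Unchecked: behaves like the server-side scripts described above.
// The write goes through whatever the user's access controls say.
function setStateUnchecked(gr, state) {
  gr.setValue('state', state);
  return gr.update() !== null;
}

// Checked: the script asks the record whether the logged-in user may
// write before touching it, and only echoes data the user may read.
function setStateChecked(gr, state) {
  if (!gr.canWrite()) {
    return { ok: false, reason: 'no write access', state: null };
  }
  gr.setValue('state', state);
  gr.update();
  var visible = gr.canRead() ? gr.getValue('state') : null;
  return { ok: true, reason: '', state: visible };
}

// Constructed sample record: the user can read it but not write it.
function demo() {
  var acl = { read: true, write: false };
  var a = new FakeGlideRecord({ sys_id: 'constructed-1', state: '1' }, acl);
  var b = new FakeGlideRecord({ sys_id: 'constructed-2', state: '1' }, acl);
  return {
    unchecked: setStateUnchecked(a, '3'),      // write succeeds despite the ACL
    uncheckedState: a.getValue('state'),
    checked: setStateChecked(b, '3').ok,       // write is refused
    checkedState: b.getValue('state')
  };
}
```

The unchecked path is the right choice when the script is meant to act beyond the user's own rights, as with the UI Action case above; the checked path belongs wherever the script acts on input the user controls.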

Whilst security rules aren't usually considered in scripts, scope is. As Chapter 2, Developing Custom Applications explains, scope ...
