Adding ACLs To The Incident And Change Variable Editor

Out of the box, comes two very useful formatters:

Incident Variable Editor
Change Variable Editor

For those who haven’t used them (probably a very very limited few I’m guessing), these formatters display the variables which were submitted with the form.

When configuring security for the system, I wanted to hide the variable editor using ACLs and use the same logic as securing the rest of the form. The issue is however, ACLs cannot be applied to formatters (that bugs me a little bit but oh well, a topic for another day 🙂 ).

So digging into it a bit deeper, I found a very easy (and out of the box’ish) solution for it…

The trick is to use a field type of ‘Variables’. Never seen this field type before? That’s because it’s locked away. To unlock it, go to the sys_glide_object. This table stores all the field types available.

There’s one called ‘variables’. Just mark it as visible=true and it immediately becomes selectable as a field type. Just add this field to the form instead of your normal ‘Incident variable editor’ or ‘Change variable editor’.

Now any table.* or even table.field ACLs will work on the variable editor as if it was any normal field.

Simple and quick.
I found this extremely useful when working on our HR product where data security is a number one concern.


  1. Hi Ahmed, I’ve ran into the issue where I need to apply a read ACL to the variables on the Requested Item. I’ve tried the solution of enabling the ‘variables’ in the sys_glide_object table, but the field was still not selectable in my drop down of fields to choose from for applying the ACL. Were there any additional steps that you took to make this visible as I’m unable to replicate the steps with the same, and desired, results.




    • Hi David, after enabling the field in the sys_glide_object table, you need to create a new field via the dictionary on the table. Same way as you do for a string field, or boolean etc except you select a type of ‘variables’. Once you create that field on the table, it’ll then be selectable on the ACL list just like any other field. You can then remove the out of the box formatter from the form and use the new variables field you created.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.