Restricting Returned Client Side GlideRecord Data

The credit for this one goes to Billy Matthews from a comment on one of my previous posts.

Client side GlideRecord is never really recommended to use. There are two main reasons for this:

  • ACLs are enforced and so you will need to ensure that the table and the fields you want have the correct ACLs to enable the user to access the data
  • Performance is not as good as GlideAjax because it brings back all GlideRecord data rather than just relevant data

As for the first point, this still remains an issue and needs to be handled. However, Billy let me know of an undocumented feature within the client side GlideRecord object to restrict what data comes back.

There is a function called setDisplayFields which takes an array of fields as an input. The GlideRecord will only return those values in the return call and so limit the amount of data being passed back to the client.

For example, if you want to get a user’s telephone number and the manager’s telephone number, you would just need to pass in those two field attributes:

var gr = new GlideRecord('sys_user');
gr.addQuery('sys_id', "user_sys_id");
gr.setDisplayFields(['phone’,'manager.phone']);
gr.query(callbck);

The nice thing here is that you can even dot walk through fields and ServiceNow will automagically handle that for you.

Not sure how this works or why, but I’ve tested it a few times and certainly does the trick. I’d still recommend using a client callable script include with GlideAjax just for the security concerns.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s