Code

Do not use GlideRecord query inside ACL


Performance
2h 30m to fix

Why is this an issue?

When the database is accessed, ACL scripts are executed once for every record being read, in order to determine whether the user has permission. Doing expensive work inside these scripts will slow down your database as it grows. Querying the database is an expensive operation, so doing it inside an ACL script is an issue.

Avoiding queries

Complex conditions will often tempt us to implement them with scripting, overlooking that they could be implemented using other ACL tools, like the condition builder or composing multiple ACLs.

Rewrite without the script where possible

Given the following ACL script, let's try to find a way to rewrite it without JavaScript:

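    // Runs once per record read: loads the current user's sys_user row every time.
    var userGr = new GlideRecord("sys_user");
    if (userGr.get(gs.getUserID())) {
      if (
        gs.getUser().isMemberOf(current.assignment_group) ||
        userGr.user_name == current.sys_created_by
      ) {
        // Grant access: the user is in the assignment group or created the record.
        answer = true;
      }
    }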

Writing the logic as a statement, the user can read the record if:

  1. he belongs to the assignment group

    or

  2. he created the record

Condition 1 can be written using the condition builder. Condition 2 queries the database unnecessarily, since it can also be written with the condition builder.

The script would be fully expressed with:

    Assignment group -> is (dynamic) -> One Of My Groups
    OR Created by -> is -> javascript:gs.getUserName()
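
To find existing ACLs that break this rule, exported ACL scripts can be scanned for database query calls. The following is an added example, not part of the original rule page: it runs in Node.js outside the platform, the `{ name, script }` input shape and sample ACLs are constructed, and it goes beyond the page by also flagging `GlideRecordSecure` and `GlideAggregate`.

```javascript
// Added example: flag ACL scripts that query the database.
// The { name, script } input shape and SAMPLE_ACLS are constructed.
const QUERY_APIS = ["GlideRecord", "GlideRecordSecure", "GlideAggregate"];

// Blank out comments and string literals (newlines kept) so mentions inside
// them are ignored and reported line numbers stay correct.
function stripCommentsAndStrings(src) {
  const blank = (s) => s.replace(/[^\n]/g, " ");
  let out = "", i = 0;
  while (i < src.length) {
    let end = i + 1;
    if (src.startsWith("//", i)) {
      end = src.indexOf("\n", i);
      if (end === -1) end = src.length;
    } else if (src.startsWith("/*", i)) {
      end = src.indexOf("*/", i + 2);
      end = end === -1 ? src.length : end + 2;
    } else if ("\"'`".includes(src[i])) {
      while (end < src.length && src[end] !== src[i]) end += src[end] === "\\" ? 2 : 1;
      end = Math.min(end + 1, src.length);
    } else {
      out += src[i++];
      continue;
    }
    out += blank(src.slice(i, end));
    i = end;
  }
  return out;
}

// Return every `new <query API>(` call with its 1-based line number.
function findQueryCalls(script) {
  const code = stripCommentsAndStrings(script);
  const re = new RegExp("\\bnew\\s+(" + QUERY_APIS.join("|") + ")\\s*\\(", "g");
  return [...code.matchAll(re)].map((m) => ({
    api: m[1],
    line: code.slice(0, m.index).split("\n").length,
  }));
}

// Keep only the ACLs whose script contains at least one query call.
const auditAcls = (acls) => acls
  .map((acl) => ({ name: acl.name, hits: findQueryCalls(acl.script || "") }))
  .filter((r) => r.hits.length > 0);
const SAMPLE_ACLS = [
  { name: "with query", script: 'var userGr = new GlideRecord("sys_user");\nif (userGr.get(gs.getUserID())) { answer = true; }' },
  { name: "query-free", script: '// no new GlideRecord("sys_user") here\nanswer = current.sys_created_by == gs.getUserName();' },
];
console.log(JSON.stringify(auditAcls(SAMPLE_ACLS)));
```

Each flagged ACL is a candidate for the condition-builder rewrite shown above.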