SN System Properties Reference
Property reference

glide.security.explicit_roles.internal_user_blacklist

The glide.security.explicit_roles.internal_user_blacklist property specifies a list of user classes that should not be assigned the snc_internal role. This ensures that users in these classes are assigned the snc_external role instead, which is crucial for maintaining security in environments with external users.

Default: csm_consumer_user,customer_contact,sn_csm_service_organization_external_staff Type: string Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? It prevents specific user classes from being assigned the snc_internal role, ensuring they receive the snc_external role when the Explicit Roles plugin is active.
What area does it affect? User Role Management
What does the default mean? The default value is "csm_consumer_user,customer_contact,sn_csm_service_organization_external_staff", which is the baseline setting used unless it is changed.
When should you review it? Review this property when configuring user roles for external access or during security audits.

Out of the box property record

Raw metadata from the property record.

Property name glide.security.explicit_roles.internal_user_blacklist
Sys ID 7ea8fdf15b130010e49a8e3cbc81c792
Type string
Application Global
Default value csm_consumer_user,customer_contact,sn_csm_service_organization_external_staff
Description A CSV list of classes that extend sys_user. If a user belongs to one of the classes mentioned in this property, then it will always be assigned snc_external role when 'Explicit Roles' plugin is installed. Users of extended classes, for class names mentioned in the property, will also assigned 'snc_external' role.
Updated 2022-04-07 20:52:20

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt View supporting context
Context preview Snippet 1
... ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated. 2219 The glide.security.explicit_roles.internal_user_blacklist property The Explicit Roles plugin assumes that all existing users in the sys_user table at the time the plugin is installed are internal customers. A fix script assigns the snc_internal ...
Documentation excerpt View supporting context
Context preview Snippet 2
... role. Use the glide.security.explicit_roles.enable_internal_user_blacklist system property to prevent external users from being assigned the snc_internal role. When this property is set to true, it enforces the parameters of the maint-protected glide.security.explicit_roles.internal_user_blacklist property. This property assigns the snc_external role to a list of untrusted user classes. If glide.security.explicit_roles.enable_internal_user_blacklist is set to false, the glide.security.explicit_roles.internal_user_blacklist property is ignored. ◦(Old‎ This property prevents external ...