Securing Applications Against Access from Other Applications

Question 1

Where are application settings edited?

things such as availability of cross-scoped tables

ability for cross-scope scripts to run on application resources

Answer 1

Open the application in studio

Open the “File” menu then click “Settings” menu item

Question 2

Runtime Access Tracking is used to manage script access to resources from other applications. This is known as cross-scope access because the records are in different application scopes. What are the three settings?

Answer 2

None: No authorization required for application scripts to access resources from other applications as long as the other applications allow it. No record is created in the Application Cross-Scope Access table.

Tracking: Allows application scripts to access resources from other applications. A record for the access is automatically inserted in the Application Cross-Scope Access table with a Status value of Allowed. This is the default setting.

Enforcing: Allows application scripts to access resources from other applications only after an admin authorizes the access. A record is automatically added to the Application Cross-Scope Access table with a Status value of Requested.

Question 3

where can admins see the table of cross scope authorizations?

Answer 3

System Applications > Application Cross-Scope Access

Question 4

What will happen in the following scenario:

A server-side script in the Employee Special Days application attempts to execute a GlideRecord query against the Incident table. The Incident table is in the Global scope.

The runtime access tracking for “Employee Special Days” application is set to enforcing

Answer 4

A server-side script in the Employee Special Days application attempts to execute a GlideRecord query against the Incident table. The Incident table is in the Global scope.

In this case, it is not because the Enforcing setting requires an admin to authorize the access.

The admin must go to “System Applications > Application Cross-Scope Access” and change the “Requested” status to “Allowed”

Question 5

Cross-scope access privileges can be granted for:

Answer 5

• Table
  
  • Read
  • write
  • create
  • delete
• Script Include
  
  • Execute API
• Scriptable (script objects)
  
  • Execute API

Question 6

What does the “Restrict Table Choices” checkbox do?

Answer 6

When selected this application setting limits application file configuration to tables from the current application only

Not selected by default

Question 7

Which of the following are settings configured in the Application Settings? More than one response may be correct.

1. Accessible from
2. Allow configuration
3. Can update
4. Runtime Access Tracking
5. Restrict Table Choices

Answer 7

The correct responses are 4. Runtime Access Tracking and 5. Restrict Table Choices. The other responses are configurations on the Application Access section of a Table form.

Question 8

Which Runtime Access Tracking option prevents a script from accessing resources until explicitly allowed?

1. None
2. Blocking
3. Enforcing
4. Tracking
5. Validating

Answer 8

The correct response is 3. Enforcing. None does nothing to prevent or track access. Tracking creates a record on the Application Cross-Scope Access table to track that an application has accessed resources from another application.

Question 9

True or False? The NeedIt table is the only table available because the Restrict Table Choices option is selected in the Application Settings.

Answer 9

The correct response is true.

Question 10

Which of the following is NOT a database setting in the Application Access section of a Table?

1. Can create
2. Can read
3. Can write
4. Can update
5. Can delete

Answer 10

The correct response is 3. Can write.

Question 11

Which of the following is the cause for the error in the log?

1. Accessible from is configured to This application scope only
2. Allow access to this table via web services is deselected
3. Allow Configuration is deselected
4. Can update is deselected
5. Can read is deselected

Answer 11

The correct response is 2. Allow access to this table via web services is deselected. The Error message indicates access is denied by WebService Access Policy.

Question 12

Which of the following best describes the purpose of the Allow configuration option in the Application Access section of a Table record?

1. Allows out-of-scope applications to create application files for a table
2. Allows out-of-scope applications to create records for a table
3. Allows out-of-scope applications to adjust form and list layouts for a table
4. Allows out-of-scope applications to extend a table
5. Allows out-of-scope applications to configure access control for a table

Answer 12

The correct response is 1. Allows out-of-scope applications to create application files for a table. When Allow configuration is selected, out-of-scope applications can create Business Rules, Client Scripts, new fields, and UI Actions for a table.

Question 13

Core Concepts:

Answer 13

• Runtime Access Tracking manages script access to resources from other applications:
  
  • Table
  • Script Include
  • Scriptable
• Runtime Access settings are:
  
  • None
  • Tracking
  • Enforcing
• Application Access controls which scope(s) can perform database operations against application tables:
  
  • This application scope only
  • All application scopes
• Application Access restricts database operations:
  
  • Can read
  • Can create
  • Can update
  • Can delete
• Table access by web services can be disabled
• Restrict whether out-of-scope applications can create application files:
  
  • Business Rules
  • New fields
  • Client Scripts
  • UI Actions