Securing Applications Against Access from Other Applications Flashcards

1
Q

Where are application settings edited?

This covers things such as the availability of cross-scoped tables and the ability for cross-scope scripts to run on application resources.

A

Open the application in Studio.

Open the “File” menu, then click the “Settings” menu item.

2
Q

Runtime Access Tracking is used to manage script access to resources from other applications. This is known as cross-scope access because the records are in different application scopes. What are the three settings?

A

None: No authorization required for application scripts to access resources from other applications as long as the other applications allow it. No record is created in the Application Cross-Scope Access table.

Tracking: Allows application scripts to access resources from other applications. A record for the access is automatically inserted in the Application Cross-Scope Access table with a Status value of Allowed. This is the default setting.

Enforcing: Allows application scripts to access resources from other applications only after an admin authorizes the access. A record is automatically added to the Application Cross-Scope Access table with a Status value of Requested.

3
Q

Where can admins see the table of cross-scope authorizations?

A

System Applications > Application Cross-Scope Access

4
Q

What will happen in the following scenario:

A server-side script in the Employee Special Days application attempts to execute a GlideRecord query against the Incident table. The Incident table is in the Global scope.

Runtime Access Tracking for the “Employee Special Days” application is set to Enforcing.

A

A server-side script in the Employee Special Days application attempts to execute a GlideRecord query against the Incident table. The Incident table is in the Global scope.

In this case, it is not, because the Enforcing setting requires an admin to authorize the access.

The admin must go to “System Applications > Application Cross-Scope Access” and change the “Requested” status to “Allowed”.

5
Q

Cross-scope access privileges can be granted for:

A
  • Table
    • Read
    • Write
    • Create
    • Delete
  • Script Include
    • Execute API
  • Scriptable (script objects)
    • Execute API
6
Q

What does the “Restrict Table Choices” checkbox do?

A

When selected, this application setting limits application file configuration to tables from the current application only.

Not selected by default.

7
Q

Which of the following are settings configured in the Application Settings? More than one response may be correct.

  1. Accessible from
  2. Allow configuration
  3. Can update
  4. Runtime Access Tracking
  5. Restrict Table Choices
A

The correct responses are 4. Runtime Access Tracking and 5. Restrict Table Choices. The other responses are configurations on the Application Access section of a Table form.

8
Q

Which Runtime Access Tracking option prevents a script from accessing resources until explicitly allowed?

  1. None
  2. Blocking
  3. Enforcing
  4. Tracking
  5. Validating
A

The correct response is 3. Enforcing. None does nothing to prevent or track access. Tracking creates a record on the Application Cross-Scope Access table to track that an application has accessed resources from another application.

9
Q

True or False? The NeedIt table is the only table available because the Restrict Table Choices option is selected in the Application Settings.

A

The correct response is true.

10
Q

Which of the following is NOT a database setting in the Application Access section of a Table?

  1. Can create
  2. Can read
  3. Can write
  4. Can update
  5. Can delete
A

The correct response is 3. Can write.

11
Q

Which of the following is the cause for the error in the log?

  1. Accessible from is configured to This application scope only
  2. Allow access to this table via web services is deselected
  3. Allow Configuration is deselected
  4. Can update is deselected
  5. Can read is deselected
A

The correct response is 2. Allow access to this table via web services is deselected. The Error message indicates access is denied by WebService Access Policy.

12
Q

Which of the following best describes the purpose of the Allow configuration option in the Application Access section of a Table record?

  1. Allows out-of-scope applications to create application files for a table
  2. Allows out-of-scope applications to create records for a table
  3. Allows out-of-scope applications to adjust form and list layouts for a table
  4. Allows out-of-scope applications to extend a table
  5. Allows out-of-scope applications to configure access control for a table
A

The correct response is 1. Allows out-of-scope applications to create application files for a table. When Allow configuration is selected, out-of-scope applications can create Business Rules, Client Scripts, new fields, and UI Actions for a table.

13
Q

Core Concepts:

A
  • Runtime Access Tracking manages script access to resources from other applications:
    • Table
    • Script Include
    • Scriptable
  • Runtime Access settings are:
    • None
    • Tracking
    • Enforcing
  • Application Access controls which scope(s) can perform database operations against application tables:
    • This application scope only
    • All application scopes
  • Application Access restricts database operations:
    • Can read
    • Can create
    • Can update
    • Can delete
  • Table access by web services can be disabled
  • Restrict whether out-of-scope applications can create application files:
    • Business Rules
    • New fields
    • Client Scripts
    • UI Actions