Should you avoid using GlideRecord queries in ACL scripts?

Using GlideRecord queries in Access Control List (ACL) scripts is generally advised against for several reasons, which supports the choice to avoid them.

ACLs are designed to define permission rules for accessing records in ServiceNow. They are evaluated dynamically whenever a record is accessed. When GlideRecord is used within an ACL, it can lead to performance issues and potential security vulnerabilities. This is because ACLs are supposed to be lightweight and fast, focusing solely on the authorization to access data without heavy processing like database queries.

When queries are made within an ACL script using GlideRecord, it can slow down the system significantly since every ACL evaluation can potentially trigger multiple database queries for every single record access. This can lead to a degradation of overall platform performance, especially in environments with high traffic.

Additionally, if an ACL performs a GlideRecord operation and fails, it can inadvertently allow access to records that should otherwise be restricted. This could create significant security risks by undermining the intended access control mechanisms in place.

For these reasons, it is optimal to avoid using GlideRecord in ACL scripts to maintain performance and security integrity within the ServiceNow platform.