UI Extensions Are Internal by Default

UI Extension

With a UI extension, custom fields can be added to 4me forms.  These fields can be given certain properties; to make them required, searchable, hidden, etc. For some categories, such as UI extensions for request templates, problems, and services, a checkbox ‘Internal’ was also available in the ‘Snippets’ section.  When unchecked, the UI extension field would also be visible in external accounts.  Following the principle of Security by Default, several changes have now been made to this checkbox.

First and foremost, the checkbox is now checked by default. In this way, the account designer or account administrator is forced to take action to make the field visible outside the account structure in which the UI extension is created (all the accounts that have the same directory account). This way, the chances of unintentional data leak are greatly reduced.  It is, by the way, also possible to hide the UI extension from other accounts within the account structure. To do this, the option ‘Internal notes and internal UI extension fields are visible in other support domains’ must be unchecked in the Account Settings.

Second, the checkbox has been renamed to ‘Visible only to specialists, auditors, and account administrators of this account’, to emphasize the importance of this checkbox.

UI extension internal default

Third, a warning saying ‘This field will be visible to anyone who can view the record’ is displayed when the checkbox is unticked.

Warning not internal

Finally, ticking the checkbox now generates a UI extension field with a lock icon, making it clear to the user that this field is internal to an account the user has a Specialist role in. Hoovering the mouse pointer over this icon displays the account the field is internal to.

Internal ui extension