User 'XYZ' is able to impersonate some users but cannot impersonate certain specific users anymore

rmaroti
Tera Contributor

Hi Everyone,

In my instance, user 'XYZ' is able to impersonate some users but cannot impersonate certain specific users anymore.

What will be the issue? Can anyone suggest?

1 ACCEPTED SOLUTION

Ankur Bawiskar
Tera Patron

@rmaroti 

XYZ is trying to impersonate which user? The user whom he/she is trying to impersonate has what role?

A user with a lower role cannot impersonate a user with a higher role.

Points to check

1) Non-admins cannot impersonate an admin even if they have the impersonator role.

2) Inactive or locked-out users cannot be impersonated.

3) Did somebody add some custom solution in the OOTB Script Include "ImpersonateEvaluator"?

4) Is that user trying to impersonate other scope role users such as HR, SecOps, etc.?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
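The checklist in the accepted answer, worked through as an added example that is not part of the original post and is not ServiceNow's own ImpersonateEvaluator logic. It runs over constructed user records; the function names, the `evaluatorCustomized` flag and the assumption that scoped roles carry a `<scope>.` prefix (such as `sn_hr_core.admin`) are illustrative.

```javascript
// Added example: models the thread's four checks over constructed records.
// Field names mirror sys_user (active, locked_out); the roles array stands in
// for the user's sys_user_has_role entries.

// Assumption: scoped-application roles carry a "<scope>." prefix,
// e.g. sn_hr_core.admin (HR) or sn_si.admin (SecOps).
function scopedRoles(roles) {
  return roles.filter((r) => r.includes('.'));
}

// Returns the list of checklist points that would explain a refusal.
function impersonationBlockers(actor, target, opts = {}) {
  const blockers = [];
  const actorRoles = new Set(actor.roles);

  // Point 1: non-admins cannot impersonate an admin.
  if (target.roles.includes('admin') && !actorRoles.has('admin')) {
    blockers.push('target-is-admin');
  }
  // Point 2: inactive or locked-out users cannot be impersonated.
  if (!target.active) blockers.push('target-inactive');
  if (target.locked_out) blockers.push('target-locked-out');

  // Point 4: roles from other scopes that the actor does not hold.
  const missing = scopedRoles(target.roles).filter((r) => !actorRoles.has(r));
  if (missing.length > 0) blockers.push('scoped-roles:' + missing.join(','));

  // Point 3: not derivable from user records; the caller states whether the
  // ImpersonateEvaluator Script Include has been customised (hypothetical flag).
  if (opts.evaluatorCustomized) blockers.push('review-ImpersonateEvaluator');
  return blockers;
}

// Constructed sample users.
const xyz = { name: 'XYZ', active: true, locked_out: false, roles: ['impersonator', 'itil'] };
const targets = [
  { name: 'itil.user', active: true, locked_out: false, roles: ['itil'] },
  { name: 'sys.admin', active: true, locked_out: false, roles: ['admin'] },
  { name: 'hr.lead', active: true, locked_out: false, roles: ['sn_hr_core.admin'] },
  { name: 'old.user', active: false, locked_out: true, roles: ['itil'] },
];
const report = targets.map((t) => ({ user: t.name, blockers: impersonationBlockers(xyz, t) }));
console.log(JSON.stringify(report, null, 2));
```

An empty `blockers` list for a user who still cannot be impersonated points back to check 3, the Script Include customisation.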


3 REPLIES 3

Dr Atul G- LNG
Tera Patron

Hi @rmaroti 

A regular impersonated user cannot impersonate a user with a higher role, such as admin. This means, for example, an ITIL user cannot impersonate an admin user.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting "Accept as Solution" and "Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [Connect for 1-1 Session]

****************************************************************************************************************

OlaN
Giga Sage

Hi,

This could be security-related perhaps.

For example, you shouldn't be able to impersonate a user with specific roles unless you (as admin) also have those roles.

One example is the HR-scope. An admin who isn't HR-admin should not be able to impersonate an HR-admin persona and grant himself additional privileges (within the HR scope).
