Restrict capabilities when impersonated

sunil4050 · ‎09-06-2018

Hello All,

I ave a requirement to restrict capability of an user when he has impersonated someone. Basically if an admin impersonates some other admin and tries to modify somethings like Update Sets ACLs, he should not be allowed to. Is there any variable set when person impersonates someone and can be leveraged to restrict access? When Person A impersonates person B and modifies update sets or tables etc, the updated by will be Person B which is not right and creates problem. Any suggestions to either restrict capability or audit who has done the changes?

Thanks

Brian Dailey1 · ‎09-06-2018

Hi Sunil,

You can check for impersonation through the current session and use this in your ACLs/etc. to block those certain actions.

For example, to return false as the answer in an ACL script when someone is using impersonation:

answer = !(GlideImpersonate().isImpersonating());

Here is a reference to read through: GlideImpersonateAPI

Thanks,

-Brian

View solution in original post

sachin_namjoshi · ‎09-06-2018

Hi,

Impersonation dialog code is implemented in the UI Page named "impersonate_dialog".

YOu can control who you can impersonate in this UI page code.

Regards,

Sachin

sunil4050 · ‎09-06-2018

We can control the type of people whom we want to impersonate in the script include ImpersonateEvaluator. I have done that... but once impersonated, can i restrict capability?

Brian Dailey1 · ‎09-06-2018