- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-06-2018 08:59 PM
Hello All,
I ave a requirement to restrict capability of an user when he has impersonated someone. Basically if an admin impersonates some other admin and tries to modify somethings like Update Sets ACLs, he should not be allowed to. Is there any variable set when person impersonates someone and can be leveraged to restrict access? When Person A impersonates person B and modifies update sets or tables etc, the updated by will be Person B which is not right and creates problem. Any suggestions to either restrict capability or audit who has done the changes?
Thanks
Solved! Go to Solution.
- Labels:
-
Reference Architecture
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-06-2018 10:49 PM
Hi Sunil,
You can check for impersonation through the current session and use this in your ACLs/etc. to block those certain actions.
For example, to return false as the answer in an ACL script when someone is using impersonation:
answer = !(GlideImpersonate().isImpersonating());
Here is a reference to read through: GlideImpersonateAPI
Thanks,
-Brian
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-10-2018 09:57 AM
