Alka_Chaudhary
Mega Sage

In ServiceNow, there may be situations where you need to restrict certain users from appearing in the impersonation list. Such a restriction helps maintain security and enforce organizational policies by ensuring that only authorized users are available for impersonation. For instance, restricting the impersonation of key personnel, such as department heads, can be a crucial part of safeguarding sensitive information.

How to Implement Impersonation Restrictions

ServiceNow provides an out-of-the-box (OOB) Script Include called ImpersonateEvaluator. By customizing its canImpersonate method, which returns true to allow an impersonation and false to block it, you can control who can be impersonated based on specific criteria.

Example: Preventing Department Heads from Being Impersonated

Below is an example script that ensures department heads are excluded from the impersonation list:

var ImpersonateEvaluator = Class.create();

ImpersonateEvaluator.prototype = {
    initialize: function() {},

    type: 'ImpersonateEvaluator',

    // currentUser: the user requesting the impersonation
    // impersonatedUser: the user who would be impersonated
    // Returns true to allow the impersonation, false to block it.
    canImpersonate: function(currentUser, impersonatedUser) {
        var userImpersonated = impersonatedUser.getID();

        // Look for a department whose head is the user to be impersonated.
        var checkDept = new GlideRecord('cmn_department');
        checkDept.addQuery('dept_head', userImpersonated);
        checkDept.setLimit(1); // one match is enough to decide
        checkDept.query();

        // Block impersonation when the user heads any department; allow it otherwise.
        return !checkDept.hasNext();
    }
};

How This Works

  • The script queries the cmn_department table to check if the impersonated user is listed as a department head (dept_head).
  • If a department record lists the user as its head, the script prevents impersonation by returning false.
  • If the user is not a department head, impersonation is allowed.
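
To check the rule before deploying it, the same decision can be exercised outside the instance. The following is an added example, not part of the original article or of ServiceNow's code: FakeGlideRecord is a hypothetical stand-in that implements only the GlideRecord calls used here, the department rows and user IDs are constructed, and the explicit empty-ID check is an addition that makes the rule fail closed.

```javascript
// Constructed sample rows standing in for cmn_department (IDs are made up).
const DEPARTMENTS = [
  { name: 'Finance', dept_head: 'u-head-001' },
  { name: 'IT',      dept_head: 'u-head-002' },
  { name: 'Sales',   dept_head: '' },            // department with no head assigned
];

// Hypothetical stand-in for GlideRecord: only the calls the evaluator uses.
class FakeGlideRecord {
  constructor(table) {
    if (table !== 'cmn_department') throw new Error('unexpected table: ' + table);
    this.conditions = [];
    this.rows = [];
    this.pos = -1;
  }
  addQuery(field, value) { this.conditions.push([field, value]); }
  setLimit(n) { this.limit = n; }
  query() {
    this.rows = DEPARTMENTS.filter(r => this.conditions.every(([f, v]) => r[f] === v));
    if (this.limit) this.rows = this.rows.slice(0, this.limit);
  }
  hasNext() { return this.pos + 1 < this.rows.length; }
}

// Same decision as the article's canImpersonate, with the record class injected
// so it can run under Node instead of on a ServiceNow instance.
function canImpersonate(currentUser, impersonatedUser, Record = FakeGlideRecord) {
  const targetId = impersonatedUser && impersonatedUser.getID();
  // Added check: without it, an empty ID would be compared against dept_head
  // and the outcome would depend on whether a headless department exists.
  if (!targetId) return false;
  const dept = new Record('cmn_department');
  dept.addQuery('dept_head', targetId);
  dept.setLimit(1);
  dept.query();
  return !dept.hasNext();
}

// Minimal user objects exposing getID(), the only method the rule calls.
const user = id => ({ getID: () => id });
const admin = user('u-admin-900');

function runChecks() {
  return {
    deptHead:  canImpersonate(admin, user('u-head-001')),  // heads Finance
    regular:   canImpersonate(admin, user('u-staff-123')), // heads nothing
    missingId: canImpersonate(admin, user('')),            // no usable ID
  };
}
console.log(runChecks());
```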

Benefits of Implementing Impersonation Restrictions

Implementing these types of restrictions is important for several reasons:

  1. Security: It prevents impersonation of high-level users who have access to sensitive information or functionalities.
  2. Control: It allows organizations to customize impersonation policies based on roles or specific users.
  3. Compliance: These controls may be necessary to meet internal or external compliance requirements.

Conclusion

By customizing the ImpersonateEvaluator Script Include, you can enhance security in your ServiceNow instance. Excluding key personnel such as department heads from impersonation is just one of many ways to ensure that sensitive roles and responsibilities are protected.

Thanks,

Alka Chaudhary

Last update: 10-01-2024 03:12 AM