ACL - how to check on impersonate?

Zod · ‎05-08-2017

HI,

I'd like to add to an ACL that impersonating is NOT allowed. So I'd like to ensure ONLY the user himself can do / could have done the "write" on the filed.

Any Advanced code to check for that? Thank you!

Ankur Bawiskar · ‎05-08-2017

Hi Vemffm,

I am not sure whether there would be any functionality in ServiceNow to check whether the current session is actual user's session or it's an impersonation by some other user although impersonation does add log in System logs.

Mark Correct if this solves your issue and also hit Like and Helpful if you find my response worthy based on the impact.

Thanks

Ankur

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

ankit_sharma487 · ‎05-08-2017

hi, I am aware of the IMPERSONATOR role which enables the user to impersonate even being an only itil , he/she can impersonate any admin and perform tasks. so removing the impersonator role from user's profile seems to be easy and straight way.

Zod · ‎05-08-2017

... there for sure is a way to identify, that the form currently is accessed via a "impersonated" user. In the db any changes done are tracked correctly anyhow (showing, that the ADMIN user did the job). Knowing this, there shoule be a way to avoid some things that can be done with the impersonating function.

Like agreeing on certain term for example. No admin should be able to do that for someone else ...

kevan_smith · ‎12-04-2018

Zod, I was working a separate issue and came across the following, which I think answers your question

GlideSystem:: getImpersonatingUserName()

To put in practice, I believe a simple script-based ACL would do the trick:

answer = JSUtil.nil(gs.getImpersonatingUserName());