Check if selected user has access to a record

Jakub Synowiec · ‎01-31-2019

I need to check in a script whether user X has permissions to read records in a table.

My initial idea was to impersonate that user from a script level, and use the GlideRecordSecure / .canRead() method on the GlideRecord, but I am not able to impersonate user either using gs.getSession().impersonate(), or using the GlideImpersonate().impersonate() methods, because my script is in a custom scope.

What's the best way of checking if selected user (that I have a sys_id of) is able to read records, that takes into account all the ACLs?
Am I on the correct path here?

Thank you!
- Jakub

sachin_namjoshi · ‎01-31-2019

You need to configure read ACL for your table.

After configuring ACL, you can use canRead() method to check if user has access in your script.

https://developer.servicenow.com/app.do#!/api_doc?v=kingston&id=r_ScopedGlideRecordCanRead

Regards,

Sachin

Jakub Synowiec · ‎01-31-2019

I already have ACLs configured for the table, but if I use the .canRead method, it will return the value of the user that is executing the script.
I need to be able to check if any other user can read it, not myself.

sonikumari · ‎09-03-2021

Hi,

Did you get any solution for this?

Thanks,

Soni

Jakub Synowiec · ‎09-07-2021

Hi Soni,

I can't remember what I did exactly, nor can I check it at this point, but I believe I pushed towards the GlideImpersonate API.
I would be careful with this approach though, please be aware of what risks are associated with the GlideImpersonate API, and design your solution accordingly.

Thanks,
-- Jakub