Checking active elevated role and security event for security.elevated_role.disabled

Christopher17 · ‎10-25-2022

Q1: ServiceNow triggers the event security.elevated_role.enabled when an account elevates their role. How do I know when an account de-elevates their role as well? I was hoping for a security.elevated_role.disabled to counter the security.elevated_role.enabled, but I could not find one.

Q2: ServiceNow provides the methods hasRole() and hasRoleExactly(), but neither of these reports when an elevated role is active on current session. What calls can I make against the current user to check if the user has activated an elevated role?

Aman Kumar S · ‎10-25-2022

There is one event which gets triggered once you disable elevate security admin "security.elevated_role.disabled"

Also checkout below link for answer to your 2nd query:

https://www.servicenow.com/community/developer-forum/elevate-to-privileged-role-via-script/m-p/22093...

Best Regards
Aman Kumar

View solution in original post

Aman Kumar S · ‎10-25-2022

There is one event which gets triggered once you disable elevate security admin "security.elevated_role.disabled"

Also checkout below link for answer to your 2nd query:

https://www.servicenow.com/community/developer-forum/elevate-to-privileged-role-via-script/m-p/22093...

Best Regards
Aman Kumar

Christopher17 · ‎10-25-2022

Accepting @Aman Kumar S answer. I must have munged a query, I see the disabled event messages now. As for the second query I figured this is what I need.

var activeRoles = new GlideSecurityManager().get().getRoles();

This will report all active roles, not just the roles associated with the user. So when I elevate a role, I see it in the list, when I de-elevate the role, it's not in the list.

Thank you