Detect Impersonation from a Scoped Application

JAmos
Tera Expert

I'm writing a scoped application for which certain functions expose sensitive data from an external system. Due to the nature of this data (stored, managed credentials), the application needs to ensure that the user attempting to access it is indeed the user who has been granted that access in the external system.

 

I understand the security risks associated with allowing impersonation in a scoped app, but it seems as if certain functionality (which would serve to IMPROVE security) has also been omitted from the Scoped APIs ... namely the ability to test the current session / user for impersonation via GlideSystem.getImpersonatingUserName() or GlideImpersonate().isImpersonating().

 

I've seen some pretty cool workarounds posted for other tasks including the ability to impersonate via a Scheduled Job from users such as @The SN Nerd (I've browsed the blog a bit too!), but I have not come across a solution to this particular issue. Does anyone know a way?

 

Btw, it's probably worth mentioning that this app is intended for publication on the SNOW Store and therefore can't be globally scoped. 😞

1 ACCEPTED SOLUTION

JAmos
Tera Expert

Ok, I feel dumb that I didn't come across this sooner, but in my defense, NOTHING I looked at mentioned this particular function ... I just got lucky and stumbled across it looking for other information.

 

At any rate, the answer seems to be GlideSession.isImpersonating()

if (gs.getSession().isImpersonating()) {
	imposterAlert.send('Dear user, you look sus.');
} else {
	// all good, carry on
}

 

The above function seems to be supported at least as far back as Rome, so nothing to worry about compatibility-wise.

 

Hopefully this can help someone else who is just as incompetent at searching as myself. 😉


3 REPLIES

Good work - Thanks for sharing this - I used this in a 'before query' business rule and an ACL to prevent impersonating admins from seeing sensitive data in a scoped app.
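
The 'before query' business rule and ACL described in the reply above, built on the gs.getSession().isImpersonating() call from the accepted answer, as an added example that is not part of the original thread. The helper names, the table name x_example_vault_credential and the fakeGs/fakeRecord stand-ins are assumptions made so the logic runs outside an instance; on an instance, gs and current are supplied by the platform.

```javascript
// Added example, not code from the thread. Table and helper names are hypothetical.

// Wraps the call named in the accepted answer: GlideSession.isImpersonating().
function isImpersonated(gs) {
    return gs.getSession().isImpersonating() ? true : false;
}

// "Before query" business rule body: when the session is impersonated,
// add a condition no record can satisfy so the query returns nothing.
function hideRowsWhenImpersonating(gs, current) {
    if (!isImpersonated(gs)) {
        return false; // query left untouched
    }
    current.addNullQuery('sys_id'); // sys_id is never empty, so no row matches
    gs.warn('Impersonated session acting as ' + gs.getUserName() +
        ' blocked from querying ' + current.getTableName());
    return true;
}

// ACL script body: in the ACL, write  answer = aclAnswer(gs);
function aclAnswer(gs) {
    return !isImpersonated(gs);
}

// Constructed stand-ins for gs and current so the logic runs outside an instance.
function fakeGs(impersonating, log) {
    return {
        getSession: function () {
            return { isImpersonating: function () { return impersonating; } };
        },
        getUserName: function () { return 'example.user'; },
        warn: function (msg) { log.push(msg); }
    };
}

function fakeRecord(table) {
    var nullQueries = [];
    return {
        nullQueries: nullQueries,
        addNullQuery: function (field) { nullQueries.push(field); },
        getTableName: function () { return table; }
    };
}

// Constructed run: an impersonated session querying the hypothetical table.
var demoLog = [];
var demoRecord = fakeRecord('x_example_vault_credential');
hideRowsWhenImpersonating(fakeGs(true, demoLog), demoRecord);
console.log(demoRecord.nullQueries, demoLog);
```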

jonathandrury
Tera Expert

Thank You!