How can I impersonate a user in the REST API?

David Stephen · ‎08-05-2021

I have a service type login for the API running on a back end system.

I would like ot know if a particular user has access to certain items such as getting the list of Service Catalogue items they can access.

Is there a way to do this with the REST API without needing their login and password?

I am not using any libraries, just raw HTTP requests.

If the account can impersonate them, is there a header or query string option i can pass to have the table api query run with their permissions and accesses.

Thank you

palanikumar · ‎08-05-2021

Hi,

Try this:

gs.getSession().impersonate('user id');

// You can pass either User ID or sys_id of user record.

Thank you,

Palani

Thank you,
Palani

BALAJI40 · ‎08-05-2021

Hi,

Instead of impersonating you can give the same roles to the internal integration user.

If you still want to impersonate the same user, use the script suggested by Palani and make sure to impersonate it back with the same user.

var myUser = gs.getSession().impersonate('user_id');//Impersonate as required user

 //Update or get the records

gs.getSession().impersonate('user_id_of_rest'); //Reset it back the REST user

David Stephen · ‎08-06-2021

I would like to impersonate more than one user to see what items they can access (Catalogue items) so i can not have the same permissions on the service type account.

I was hoping to do this in a separate backend application than through ServiceNow.

I can use /api/now/ui/impersonate/{sys_id} on the back end that says the user is impersonated.

Passing the cookies that are returned into the next request allows the API to execute the query as the impersonated user.