
How can we obtain the impersonator info when checking impersonation in an ACL script?

Lynn Wood
Tera Contributor

We want to restrict access in our sub-production environment (TEST) to certain fields that contain sensitive information from admins that can impersonate users with the correct access (via a role). We can check if impersonation is occurring; however, we cannot tell if the user is an admin or another ITIL user (we allow ITIL users to impersonate in the TEST environment).

 

Does anyone have an idea on how to obtain the impersonator information?

1 REPLY

Ankur Bawiskar
Tera Patron

@Lynn Wood 

With this you can get the user name of the impersonated user.

You can use this script in an ACL:

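answer = true; // Default allow

var impersonatorName = gs.getImpersonatingUserName();
if (impersonatorName) {
    // Impersonation active - check if impersonator is admin.
    // GlideRecord has no hasRole() method, so look up the role
    // assignment in sys_user_has_role instead.
    var grRole = new GlideRecord('sys_user_has_role');
    grRole.addQuery('user.user_name', impersonatorName);
    grRole.addQuery('role.name', 'admin');
    grRole.setLimit(1);
    grRole.query();
    if (grRole.hasNext()) {
        answer = false; // Deny if admin impersonating
    }
    // Else allow ITIL impersonation
}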


Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader