How do I get the sys_id of the impersonating user name?

chucksimonds · ‎12-02-2015

I want/need to get the sys_id of the person impersonating, like getUserID(), but the ID of the person doing the impersonating.

Was hoping there was something like: getImpersonatingUserID(); but doesn't exist.

I tried this... var u = gs.getImpersonatingUserName().gs.getUserID();

but it did not work. Any help is appreciated, thanks!

fschuster · ‎12-02-2015

Hi Chuck,

got it.

You can basically do a simple get with the UserID of the impersonating user - that query is pretty lightweight and shouldn't affect performance too much.

Then you can simply add the sys_id of that person to your query.

You might want to verify if the impersonatingUserSysID is set/filled - if not don't even include it in the answer line (so having two answer lines - one for the case that you have the id and for the case that you don't).

var impersonatingUserName = gs.getImpersonatingUserName();

var impersonatingUserSysID = "";

var grUser = new GlideRecord("sys_user");

if(grUser.get("user_name", impersonatingUserName)) {

impersonatingUserSysID = grUser.getValue("sys_id");

}

View solution in original post

chucksimonds · ‎12-02-2015

Berny, when I used gs.getUserID(), it will give the id of the person I'm impersonating, I probably wasn't clear but I need to get my id when I'm impersonating, not the person's id that I'm impersonating.

Jim Coyne · ‎12-02-2015

Just out of curiosity, what is the use case? Not sure why you would want to take impersonation into consideration for an ACL?

chucksimonds · ‎12-02-2015

Jim, the situation here is HR data. Our HR dept doesn't want anybody to see anybody else's data. So even if I'm impersonating someone else, I will still only be able to see data that I am supposed to see, not the data for the person I'm impersonating.

Jim Coyne · ‎12-02-2015

Gotcha. I've ran into this in the past and to be honest, not written any rules. The reason - your admins could override security anyways so if they really want to get to the info, they can.

At the end of the day, your admins are in a position of trust, so they do need to be trusted.

Mike Allen · ‎12-02-2015

I agree with this. When I did it, I did it for legal. I just added the legal roles to the list of roles you could not impersonate with the impersonator role. Admins get around this, obviously, but impersonators (users we grant the impersonator role to for testing) cannot.