How to limit users in impersonation

Community Alums · ‎10-16-2018

Hi Team, how can we limit the users to be selected in impersonation window? We have a requirement to allow only approved users to be available for impersonators to impersonate.

Community Alums · ‎10-17-2018

Thank you @iamkalai, I have used below condition in before query BR on sys_user table, and it works.

Condition: gs.getSession().isInteractive() && gs.action != ''

Script: if ((gs.action.getGlideURI().toString()).indexOf('impersonate') != -1 || (gs.action.getGlideURI().toString()).indexOf('angular.do?sysparm_type=ref_list_data') != -1) {

<YOUR CODE GOES HERE>

}

NOTE: Do not add above if condition in the condition field, orelse you will get java null pointer exception while updating record in sys_user table.

View solution in original post

VigneshMC · ‎10-16-2018

Below thread should be helpful.

https://community.servicenow.com/community?id=community_question&sys_id=af46cfa1db1cdbc01dcaf3231f9619be&view_source=searchResult

If you want to restrict for more users, you can create an field in user table and check the field to grant access instead of hardcoding sys_id's

Thanks

Kalaiarasan Pus · ‎10-16-2018

You can go about creating a query business rule on the user table if you are not open to editing the impersonation script include as stated above.

Filter the records that you do not want to be impersonated in the query rule.

Community Alums · ‎10-16-2018

Thank you Vignesh, the given solution restricts impersonation. However, it shows all users in the selection drop-down in impersonation window. I want to filter users in the impersonation drop-down (as shown in below screenshot) so that only selected users can be selected.

@iamkalai, what condition do you suggest so that the query business rule runs only for impersonation dialog window?

Kalaiarasan Pus · ‎10-17-2018

You can try using this and see if it works.

gs.getSession().isInteractive() && gs.action != '' && (gs.action.getGlideURI().toString()).indexOf('impersonate') != -1

Community Alums · ‎10-17-2018

Thanks, @iamkalai, the BR with "gs.action.getGlideURI().toString()).indexOf('impersonate')" condition works for "Recent Impersonation", and not for the drop down box for "Search for user".

One thing i have noticed is, when i add "gs.log(gs.action.getGlideURI().toString())", gives me "angular.do?sysparm_type=ref_list_data" which is too generic to add as a condition. any suggestions?