How to view all system activities performed by a user during an impersonation session

Damayanti Sarod
Tera Guru

I have the below requirement:

As a manager responsible for reviewing impersonation sessions, I need the ability to view all system activities performed by a user while impersonating another user, so that when there is probable cause of misuse of the impersonation feature, I can conduct a thorough investigation.

Write the following data to a customer defined table so it can be pulled ad hoc for a full investigation.

  • Impersonator user
  • User impersonated
  • Start date and time of impersonation
  • End date and time of impersonation
  • Where the user went during impersonation
  • What data was updated or changed

Can anyone please suggest any solution for this requirement?

2 REPLIES

Ratnakar7
Mega Sage

Hi @Damayanti Sarod ,

All actions performed by an administrator while impersonating another user are recorded as if they were executed by the impersonated user. When impersonation begins, an 'Impersonate Begin' event is logged in the system log, and an 'Impersonate End' event is recorded when impersonation concludes. You can review these impersonation logs in the system log to investigate all activities performed during the session. For more details, see the Impersonation logs documentation and Monitoring user activity.

Use sys_user_impersonation to detect sessions, then correlate with syslog, sys_audit, and sys_history_set to capture navigation and updates. Store results in a custom table for investigation and reporting. This approach ensures you can fully reconstruct what happened during impersonation.

Refer:
Auditing and history sets | How they work together

Thanks,
Ratnakar

SIVASANKARIS
Tera Guru

Hi @Damayanti Sarod ,

Steps to track impersonation activity:

  1. Set the system property glide.sys.log_impersonation to true.

  2. Navigate to All → System Log → System Log.

    • In the Source column, search for impersonate.

    • You can view both the start and end of impersonation sessions.

  3. Correlate the System Log entries with the audit history of the record you’re investigating to identify who was impersonated at the time of the data update.


Types of impersonation logging

There are two types of impersonation sessions:

1. Interactive sessions

  • Performed via the User Interface (UI).

  • To log all interactive impersonations, set:
    glide.sys.log_impersonation = true

2. Non-interactive sessions

  • Performed by applications, integrations, or scripts.

  • To log non-interactive impersonations, set:
    glide.sys.log_impersonation.non_interactive = true
    (Create this property if it doesn’t already exist.)

If this helps, please mark it as Helpful and please accept my solution.

Best Regards

SIVASANKARI S
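
The correlation step both replies describe, as an added example that is not part of the original posts and is not ServiceNow code: it pairs impersonation begin/end events into sessions and attributes audit rows to them by impersonated user and time window. The record shapes, field names and sample rows are constructed assumptions; rows exported from the System Log and audit history would need mapping into them.

```javascript
// Constructed sample data. Field names are assumptions for this example;
// map your exported System Log and audit rows into these shapes.
const events = [
  { type: 'begin', impersonator: 'admin.a', impersonated: 'jdoe', at: '2024-05-01T10:00:00Z' },
  { type: 'begin', impersonator: 'admin.b', impersonated: 'jdoe', at: '2024-05-01T10:20:00Z' },
  { type: 'end', impersonator: 'admin.a', impersonated: 'jdoe', at: '2024-05-01T10:30:00Z' },
  // admin.b has no end event (constructed case: session expired without one)
];
const audits = [
  { user: 'jdoe', table: 'incident', field: 'state', at: '2024-05-01T09:00:00Z' },
  { user: 'jdoe', table: 'incident', field: 'priority', at: '2024-05-01T10:05:00Z' },
  { user: 'asmith', table: 'incident', field: 'state', at: '2024-05-01T10:10:00Z' },
  { user: 'jdoe', table: 'sys_user', field: 'email', at: '2024-05-01T10:25:00Z' },
  { user: 'jdoe', table: 'sys_user', field: 'phone', at: '2024-05-01T11:00:00Z' },
];

// Pair each begin event with the next end event for the same impersonator/target.
function buildSessions(evts) {
  const open = new Map();
  const sessions = [];
  const sorted = [...evts].sort((a, b) => Date.parse(a.at) - Date.parse(b.at));
  for (const e of sorted) {
    const key = `${e.impersonator}>${e.impersonated}`;
    if (e.type === 'begin') {
      const s = { impersonator: e.impersonator, impersonated: e.impersonated,
                  start: Date.parse(e.at), end: null };
      open.set(key, s);
      sessions.push(s);
    } else if (open.has(key)) {
      open.get(key).end = Date.parse(e.at);
      open.delete(key);
    }
  }
  return sessions;
}

// Audit rows carry the impersonated user's name, so attribution is by user + time window.
// Rows matching several sessions, or a session with no end, are flagged for manual review.
function attributeAudits(rows, sessions) {
  return rows.map((r) => {
    const t = Date.parse(r.at);
    const hits = sessions.filter((s) => s.impersonated === r.user &&
      t >= s.start && (s.end === null || t <= s.end));
    return { ...r, candidates: hits.map((s) => s.impersonator),
             needsReview: hits.length > 1 || hits.some((s) => s.end === null) };
  }).filter((r) => r.candidates.length > 0);
}

console.log(attributeAudits(audits, buildSessions(events)));
```

A match only shows that the change fell inside an impersonation window; changes made by the real user during the same window look identical, so matched rows are leads for the investigation rather than proof.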