Impersonate for non-admin users

SNOW User8 · ‎02-21-2018

Hi All,

I have created new Role called "Impersonate Another User" & provided "impersonator" role to that user.

Now user can see impersonate user tab on their profile. But they can't search for users, so that I have created 2 new ACLs on sys_user table,

sys_user.locked out field & sys_user (None) as mentioned in this impersonator does not work for Non-Admin thread.

Now everything is working fine for users with role of "Impersonate Another User". i.e they can impersonate others.

But the problem now is caller field is missing from the incident table. I have double checked my ACLS & there is no other ACL for sys_user (None) & also checked for incident.caller_id (read) ACLs & didn't find out anything.

Please help me.

Brian Lancaster · ‎02-21-2018

Remove your ACL for sys_user(none). You should only need the sys_user.locked out. Adding the sys_user(none) just made it so that only someone with impersonate role can read from the sys_user table.

SNOW User8 · ‎02-21-2018

Hi bricast,

Thank you for your response.

Yes but if I don't give that access then someone with impersonate role can not search other users under impersonate user tab. How to handle this??

Please help me.

Brian Lancaster · ‎02-22-2018

I only added the one ACL for sys_user (locked out). OOB you should have an ACL for sys_user(none) with no roles which give all users Read access to the sys_user table.

Brian Lancaster · ‎02-22-2018

I just tried this in a personal dev instance and this is all I added.