Impersonation not working for non-admin users via Script Includes

Mani4 · ‎06-09-2020

Hi,

I have a business rule that invokes a function from a Script Includes which updates the status on "sc_task" by impersonating as an admin user. This functionality works fine when an admin invokes the business rule but the impersonation does not work (status update happens but not as an admin) when a non-admin process the same request. The Application is "Global" but the Accessible from is "This application scope only" on the Script Include. Do you think this is causing the issue or do we need the impersonation role even to impersonate via Script Include?.

var myUser = gs.getSession().impersonate(adminusersys_id);//Impersonate as admin

task.state = 'completed'; //Update task status

gs.getSession().impersonate(myUser); //Reset it back to logged in user

Ct111 · ‎06-09-2020

For integration purpose you should ideally assign web_service_admin , so that he can perform the change on records via web service. As David said normal users can't impersonate admin users else they can do something wrong in the system. And one thing that still keeps me curious is why would person impersonate someone to execute a script , it is either he has the role or not that should be in your code. Something like if(gs.hasRole('admin') == true) Then execute else prevent

DScroggins · ‎06-09-2020

Im not sure why exactly it would work for the non ITIL users but would need to look into what roles that particular user does have. Either way that isnt best to configure in that manner. If you are calling an integration you can create a proper outbound integration (REST/SOAP) record and then configure the connection credentials that will be used at runtime. Now your SI can invoke the outbound integration and process the response as needed along with updating the record. Obviously without seeing the meat and potatoes of your logic and how you are making the integration I am guessing a bit. Hopefully though that helps.

--David