Impersonation

sunny091213
Tera Contributor

‎02-17-2025 09:38 AM

do  you think Impersonation is an security issue? if yes give me reasons?if not support it?

0 Helpfuls
  • 626 Views
8 REPLIES 8

Dr Atul G- LNG
Tera Patron
Tera Patron

‎02-17-2025 10:36 AM

Yes @sunny091213 

 

This poses a significant security issue if given in production to any user. By using impersonation, a user can approve or reject changes or manipulate data they do not have access to. This bypasses the established access controls and audit mechanisms, potentially leading to unauthorized actions and data integrity violations.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************
0 Helpfuls

sunny091213
Tera Contributor
In response to Dr Atul G- LNG

‎02-18-2025 01:13 AM

Then why did serviceNow allow impersonation if it is a security issue,even in Production a admin can impersonsinate the other users?

0 Helpfuls

Dr Atul G- LNG
Tera Patron
Tera Patron
In response to sunny091213

‎02-18-2025 05:39 AM

Hi @sunny091213 

Only admins are allowed to impersonate users, which is useful for checking issues during odd hours when the user might not be available. Admins need the Impersonation role to view other user profiles or, in some cases, update records with necessary approvals.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************
0 Helpfuls

AndersBGS
Tera Patron
Tera Patron

‎02-17-2025 01:44 PM

Hi @sunny091213 ,

 

I fully agree with @Dr Atul G- LNG here. If you provide the impersonation to any user, they are able to act as the user under all circumstances in the ServiceNow platform.

 

If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.

Best regards
Anders

Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/