- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-06-2015 05:32 AM
Can I identify whether the ticket is created by 'ABC' user or 'DEF' user ( who just impersonated with 'ABC' and created the ticket).
PS- 'ABC' is an itil user and 'DEF' is an admin user
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-06-2015 05:37 PM
Hi, some thoughts that could be helpful:
a) You may be able to determine which was the user doing the impersonation by matching the times on which the impersonations took place and the incident created time.
b) Be aware that incidents could be created on multiple ways. A common one in many instances is that instances may be created as a result of an incoming email to the ServiceNow email account which results in a creation of an incident when the respective inbound action is enabled.
c) I will recommend that generic user user accounts are either disabled or left to only 1 trusted administrator responsible for instance. Admin or Securitty Admins should have their own accounts with the respective required admin roles. In this way it will be easy to trace which user is doing which action and assure accountability for it.
Thanks,
Berny
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-10-2015 11:29 PM
Simple solution here.
You could, in theory, create a before update business rule on task or even global (some alterations would be needed) if you desired.
I would create a System Property (see Adding a Property - ServiceNow Wiki ) as a toggle so you can easily disable in production.
Condition
gs.getProperty('audit.impersonation') == 'true';
Script
var actualUser = gs.getImpersonatingUserName();
if( !JSUtil.nil(actualUser ) ) {
gs.log(current.getTableName() + ' with sys_id ' + current.sys_id + ' was updated by ' + actualUser + ' impersonating user ' + gs.getUserName(), "Impersonate" );
}
You can then create a module for all log entries with source 'impersonate'.
ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-07-2016 01:01 PM
What table would that business rule run against?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-07-2016 04:35 PM
Global.
I wouldn't recommend using this solution in Production, as using Global business rules is generally considered bad practice.
I think training is the best solution for this one.
ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-08-2016 06:21 AM
Ok, thanks. We'll keep looking for a solution to implement in production.
