Restrict a Particular User From Appearing in the Impersonation List

sharatkandothna · ‎01-30-2018

Hi ,

I have been checking ways to make sure a particular user , for e.g. X , does not come up in the impersonation list ( X is an ITIL user) . So, as admins we should be able to impersonate. But any other ITIL user , having an impersonator role should not be able to impersonate to the user X.

I have followed other threads similar to impersonation and tried modifying the scripts in UI page 'impersonate_dialog' , a UI macro 'impersonate_dialog' and a script include 'ImpersonateEvaluator' . I couldn't crack the solution.

Has anyone tried a similar thing?

Could you guys please have a look at this one? ctomasi pradeepksharma bernyalvarado rfedoruk

Regards,

Sharat

Pradeep Sharma · ‎01-30-2018

Hello Sharat,

I agree with rfedoruk. If you still want to go ahead you should be able to do it via script include "ImpersonateEvaluator". Refer to the method canImpersonate which can be modified per your req.

Script here: For some reason, an editor is not working so pasting it below in plan format.

var ImpersonateEvaluator = Class.create();

ImpersonateEvaluator.prototype = {

initialize: function() {},

type: 'ImpersonateEvaluator',

canImpersonate: function(currentUser, impersonatedUser) {

var userImpersonated = impersonatedUser.getID();

if(userImpersonated == 'dd9b3742c37030009b5efcfc5bba8fb6') //dd9b3742c37030009b5efcfc5bba8fb6 refers to the sys_id of impersonated user

{

return false;

}

else

{

return true;

}

};

You can also add additional condition in the above script to check for current logged in user role or sys_id in the if condition. Please make sure to explicitly check for the user is not admin because all the roles will be true for admin

Get a user object

View solution in original post

Uncle Rob · ‎01-30-2018

No idea how to do this, personally. I'd bow out long before that though.
The idea of giving impersonator for non-admins is likely for beta testing some use case on a non-prod environment. In such a case I'm not aware of a reason important enough for me to modify a component so foundational as the Impersonation macros and UI pages.

Sounds dangerous for not a lot of payoff.

sharatkandothna · ‎01-30-2018

Hi Robert,

I certainly understand your point. I am not in favor of modifying these core OOB scripts. But there is a typical business requirement, which needs such a thing to be in place. Just wanted to know if there is a way out.