Stop admin impersonating

Go to solution
Brian S5
Kilo Sage

‎02-19-2018 07:26 AM

Good Morning All,

It was requested by my HR department to remove the ability to impersonate HR users. We are using a basic implementation of the un-scoped HR app. I have read through some posts here that i have attempted (Before query BR on the HR table) but need a quick solution to satisfy their requirement. If anyone has any idea's on the best way to implement, id love to hear them. Thank you. 

 

  • 3,707 Views
1 ACCEPTED SOLUTION

Go to solution
Tim Woodruff
Mega Guru
In response to Brian S5

‎02-19-2018 11:12 AM

Hey, sorry about that, I used the wrong method - I've updated my script above. 

To answer your question, you would use the names. 

New script: 

var ImpersonateEvaluator = Class.create();
ImpersonateEvaluator.prototype = {
	initialize: function() {
	},
	BLOCKED_ROLES: [
		'hr_admin' //the EXACT names of the roles to block
	],
	canImpersonate: function(currentUser, impersonatedUser) {
		var i,
			currentUserRoles = currentUser.getRoles(),
			impersonatedUserRoles = impersonatedUser.getRoles();
		//Iterate over array of roles that cannot be impersonated.
		for (i = 0; i < this.BLOCKED_ROLES.length; i++) {
			if (currentUserRoles.indexOf(this.BLOCKED_ROLES[i]) < 0 && impersonatedUserRoles.indexOf(this.BLOCKED_ROLES[i]) >= 0) {
				gs.warn('Unable to impersonate user ' + impersonatedUser.getID() +
					', as the role ' + this.BLOCKED_ROLES[i] + ' was not possessed by the impersonator: ' +
					currentUser.getID());
				return false;
			}
		}
		//Otherwise, return true
		return true;
	},
	type: 'ImpersonateEvaluator'
};

View solution in original post

9 REPLIES 9

Go to solution
Brian S5
Kilo Sage
In response to Tim Woodruff

‎02-19-2018 11:22 AM

Awesome Tim!!

I see you added a message displaying when someone cannot be impersonated. The new script works for us! Thank you so much for the quick fix. 

 

find_real_file.png

Preview file
8 KB
0 Helpfuls

Go to solution
andrewdunn
Giga Expert

‎03-07-2018 07:43 PM

Hi Team - this is a section that I am investigating for the same reason as bshaw.

We are on Istanbul at the moment and I have been unable to find "ImpersonateEvaluator" when I look through all the "Script Includes" application menu options. Is there something that I am missing?

The closest I have come to is "ImpersonateButton" under the UI Scripts section which I do not believe is correct.

Or are we saying that I should be creating a NEW script - "ImpersonateEvaluator" 

Appreciate your thoughts

cheers

Andrew

0 Helpfuls

Go to solution
Tim Woodruff
Mega Guru
In response to andrewdunn

‎03-08-2018 08:03 AM

Nope, it's an extant SI: sys_script_include.do?sys_id=7d8bd212673202006c45322b43415a18

Go to solution
Brian S5
Kilo Sage
In response to andrewdunn

‎03-08-2018 08:24 AM

 

This is where i was able to find the Script Include, this might help ?

 

find_real_file.png

Preview file
43 KB

Go to solution
andrewdunn
Giga Expert

‎03-15-2018 05:58 PM

Thanks

0 Helpfuls