Use Script Debugger while impersonating another user with certain privileges

Go to solution
Bernhard Saile
Mega Guru

‎07-29-2023 02:23 AM

Hello.

 

I am using Script Debugger to step through some server side scripts in our instance.

As a developer (a user with "script_debugger" role and other privileges allowing navigation to source code like Script Includes), I am able to:

  • Navigate to the code I want to check and set breakpoints.
  • Open Script Debugger tool and stop execution at my defined breakpoints.

 

Now I want to impersonate several users with specific (sometimes complex) role constellation. I have several problems:

  • My Script Debugger session from before the impersonation is still open, but does not stop at the breakpoints (I think because it is associated to my developer user).
  • Adding the "script_debugger" role to the impersonated user temporarily allows me to open a new Script Debugger, but no breakpoints I set as developer user are available. It is a completely new debugger session.
  • Also, the impersonated user does not have access to the actual source code (e.g. Script Includes) and so is not able to set new breakpoints for the new session.

 

Of course I could manipulate my developer user by assigning roles and adding him to certain groups that match the situation of the impersonated users, but this not really feasible.

 

In a nutshell, what I would like to do is this:

  • As developer, define breakpoints in a certain server side script.
  • Impersonate a user with a specific role / group setup.
  • Debug the code that executes differently based on the roles / group setup the impersonated user has.

 

How do you approach such a scenario? Thanks in advance!

  • 3,593 Views
2 ACCEPTED SOLUTIONS

Go to solution
Bert_c1
Kilo Patron

‎07-29-2023 10:21 AM

Hi Bernhard,

 

In your first bullet, you indicate a specific server side script. given the limitations of using the Debugger while impersonating a user, I would add 'gs.info();' lines to the script to show interesting variable values at points in the script. Then impersonate the user and test. After the test, view the 'Script Log Statements' and see the results of the debug.

View solution in original post

0 Helpfuls

Go to solution
Bernhard Saile
Mega Guru
In response to Bert_c1

‎08-17-2023 07:19 AM

Hi Bert.

 

You wrote "given the limitations of using the Debugger while impersonating a user, I would add 'gs.info();' lines".

 

That confirms to me that in my scenario the only thing I can do is "poor man's debugging": fill the code with gs.info statements. I don't like it, since it means actively changing the code and adding records to the current update set.

 

But anyway, if that's the way it is, I have to live with it.

View solution in original post

5 REPLIES 5

Go to solution
Callum Spiers
Tera Contributor

‎08-01-2024 02:52 AM

Hi Bernhard/ anyone finding this, you can use script debugger while impersonating a user if you give them access to the scripts you need to debug and the script debugger role e.g.


If you want to investigate why a scripted ACL is failing for a non-admin ITIL user, you can give your ITIL test user "script_include_admin" and "script_debugger". Yes you are elevating their access for script includes, but for the majority of use cases, this is good enough.

0 Helpfuls