User Query by Domain

kchorny · ‎08-18-2017

I'm building some sub-domains in our instance, and I've run into an issue with a user query business rule. The requirement is that a user in the domain can see all other users in their domain as well as users in any domains that are children of their domain. I've created the below before query business rule on the sys_user table in the sub-domain. It fulfills the requirement, but when it's turned on, I can't impersonate anyone! When I'm logged in with my admin account (which is in the global domain) and attempt to impersonate anyone in any domain, it just goes back to my admin account.

Is there a condition I can put in the rule that will keep it from running when changing impersonation?

Here is the current condition:

gs.hasRole("itil") && gs.getSession().isInteractive()

And the script:

var cDomain = gs.getUser().getDomainID();

var q = current.addQuery('sys_domain',cDomain);

var sd = new GlideRecord('domain');

sd.addQuery('parent',cDomain);

sd.query();

while (sd.next())

{

q.addOrCondition('sys_domain',sd.sys_id);

}

Thanks for any help!

SanjivMeher · ‎08-18-2017

Use this instead.

gs.hasRole("itil") && gs.getSession().isInteractive() && !gs.getImpersonatingUserName()

Reference: Business Rule condition ignore if trying to impersonate

Please mark this response as correct or helpful if it assisted you with your question.

View solution in original post

kchorny · ‎08-18-2017

There is a caveat to this... you can't test your rule while impersonating when this condition is in place.

SanjivMeher · ‎08-18-2017

Another way to test is create a local test account, assign the required role and test.

Please mark this response as correct or helpful if it assisted you with your question.