Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

restrict HRSD data access from Impersonation

deepanbhatt
Tera Contributor

‎02-03-2025 10:30 PM

restrict HRSD data access from Impersonation

 

Restrict a user to view HRSD data even after doing impersonation.

0 Helpfuls
  • 690 Views
2 REPLIES 2

pratikjagtap
Giga Guru
Giga Guru

‎02-03-2025 10:42 PM

Hi @deepanbhatt ,

 

Please follow the below steps

1. 

  • Identify ACL rules related to HRSD tables (sn_hr_core_case, sn_hr_core_task, etc.).
  • Modify these ACL rules to add conditions that prevent impersonated users from accessing HR data.
  • Add the following script in script section
    • if (gs.getSession().isImpersonating()) {
      answer = false;
      }

2. 

     

  • Navigate to Human Resources > Administration > Properties.
  • Enable "Enable additional HR data security settings".
  • Ensure HR Criteria is properly configured to prevent unauthorized access.

3.

     

  • Create a Before Query Business Rule on HR tables (e.g., sn_hr_core_case).
    • Add a script like:
      if (gs.getSession().isImpersonating()) {
      gs.addErrorMessage("Access to HR data is restricted during impersonation.");
      current.setAbortAction(true);
      }
       

 

 

4.

      

  • Ensure HRSD data access is role-restricted (sn_hr_core.basic and sn_hr_core.admin).
  • If needed, create a custom role that explicitly denies access during impersonation.

 

If this solution helps you then, mark it as accepted solution ‌‌✔️ and give thumbs up 👍 !

 

Community Alums
Not applicable
In response to pratikjagtap

‎03-19-2025 10:44 PM

Thanks Pratik Jagtap

0 Helpfuls