how to get a audit trail for all actions when impersonate user

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-08-2020 04:29 AM
Hi,
I am looking for a way to get an Audit trail/report of all actions in two cases
- Actions done by a user when impersonating another user
- when users, role, groups or ACL's are created, changed or deleted.
case 1)
- Start impersonating
- Who is impersonatin who
- All performed actions, inclusif the performed changes (old/new value)
- end impersonating
case 2)
- user performing the action
- On users, groups and ACL's what action is performed
- Old / new value
Is there a OOTB solution?
Is there a plugin I need to activate?
Thanks,
Wim

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-12-2020 01:32 AM
Hi Ashutosh
Yes, I did find entries in the syslog and the eventlog of the impersonated user, but if I open the record it does say:
"incident.do?sys_id=509a06ab2fa8d4109e1e2d6df699b633&sysparm_stack=incident_list.do?sysparm_query=active=true"
In this case, there is a posibillity that Abel was also logged in and has performed some actions during the time he was inpersonated.
I am looking to prove that an action is performed by someone who has impersonated a user. The message would look like:
"Time: october 10 2020 - 08:30:00 - incident updated. Old prio: 3. New prio: 2. Performed by Abel Tuter, impersonated by Administrator.
This will give me the posebillety to track all activities performed by a user who is impersonating another user.
Greets
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-18-2024 03:08 PM - edited ‎01-18-2024 03:08 PM
@Wim2 - Although this is 3+ years old, I'm hoping you're still monitoring this thread. Were you able to build the report you need? We need something similar and not finding much to go on. Thanks.
Susan Williams, Lexmark

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-08-2020 05:19 AM
Hello Mamta,
You can find all such logs in - System Logs.
Also if there is any specific custom requirement, you might find the below URL useful.
https://community.servicenow.com/community?id=community_blog&sys_id=adcc2265dbd0dbc01dcaf3231f961
Regards,
Kopal

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-08-2020 05:28 AM
The url results in an error message
The content you requested cannot be displayed right now. It may be temporarily unavailable, the link you clicked on may have expired, or you may not have permission to view this page.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-08-2020 06:04 AM
Hi Wim,
Do you want it via API or something else. You can check system logs and event logs manually for this as well.
Thanks,
Ashutosh