If you have the Impersonate role, what type of User are you not able to Impersonate?

Frodo Baggins
Kilo Expert

‎01-24-2022 12:58 AM

If you have the Impersonate role, what type of User are you not able to Impersonate?

1) Extended Security Admin

2) Security Desk Users

3) Special Agents

4) Government Customers

5) Security Incident Response Users

  • 4,930 Views
8 REPLIES 8

Mark Roethof
Tera Patron
Tera Patron

‎01-24-2022 01:13 AM

Hi there,

On this Docs page, it's clearly explained what the limitations of impersonating are:
https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/users-and-groups/con...

Kind regards,
Mark
2020, 2021 ServiceNow Community MVP
2020, 2021 ServiceNow Developer MVP

---

LinkedIn
Community article, blog, video list

 

Kind regards,

 

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

 

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

LinkedIn

0 Helpfuls

Mark Roethof
Tera Patron
Tera Patron

‎01-24-2022 01:14 AM

Impersonation limitations

  • When you impersonate any user, all scope-protected roles and encryption context roles are removed from the user being impersonated. However, if the impersonating user (the admin, for example) has a scope-protected role, that role is not removed from the list of roles for the user being impersonated.
  • When you impersonate a user with an application-specific admin role (for example, an application admin for Human Resources or Security Incident Response), you cannot access features granted by the application admin role, including security incidents, profile information, or other scope-protected features, unless you already have those roles. Access to modules and applications in the navigation bar is also restricted. Admins cannot change the password of any user with an application admin role.
  • Impersonating a user is not supported for mobile phones. For most mobile phones, however, you can impersonate a user by switching to standard view, performing the impersonation, and switching back to mobile view. Some mobile devices may have problems rendering the Impersonation dialog.
  • The following actions or conditions cause a user impersonation to end:
    • The user impersonates a different user
    • The user session ends, for example after a user logs out of their instance
    Note: The Impersonate Begin event appears in the system log (syslog.list) when impersonation begins, and the Impersonate End event appears in the system log when impersonation ends according to one of the two conditions listed above.

 

Kind regards,

 

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

 

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

LinkedIn

Mark Roethof
Tera Patron
Tera Patron

‎03-14-2022 10:53 PM

Hi there,

Any follow-up needed? Or was my answer sufficient?
Let me know.

If your question is solved, please close the topic by marking my answer as correct. This will help others searching for a similar question and will remove the topic from the unsolved list.

Kind regards,
Mark
2020-2022 ServiceNow Community MVP
2020-2022 ServiceNow Developer MVP

---

LinkedIn
Community article, blog, video list

 

Kind regards,

 

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

 

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

LinkedIn

Jimmy Hooh Chee
Kilo Contributor
In response to Mark Roethof

‎08-18-2022 01:25 AM

Looking at the question is a bit tricky I cant find extended security admin in Product doc but i can see Security incident response. To me is 5 - Security incident response. Taught!! When you impersonate a user with an application-specific admin role (for example, an application admin for Human Resources or Security Incident Response), you cannot access features granted by the application admin role, including security incidents, profile information, or other scope-protected features, unless you already have those roles. Access to modules and applications in the navigation bar is also restricted. Admins cannot change the password of any user with an application admin role.
0 Helpfuls