Enhancing Impersonation Capabilities

Kass3m
Tera Expert

‎08-16-2024 04:58 AM

Is there a way to limit impersonation access by an assignment group: such as one can only impersonate a hiring manager in Lifecycle events but not Risk managers or admins?

 

0 Helpfuls
  • 265 Views
2 REPLIES 2

Dr Atul G- LNG
Tera Patron
Tera Patron

‎08-16-2024 05:01 AM

Hi @Kass3m 

 

OOTB any user who has an impersonator role can impersonate any other user except a NON-Admin cant impersonate a admin. I don't think there is any way to restrict that.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************
0 Helpfuls

Aaron Dalton
Tera Expert

‎08-17-2024 09:06 AM - edited ‎08-17-2024 10:52 AM

You can edit the canImpersonate() method in the global.ImpersonateEvaluator Script Include. That'll let you define rules to allow/disallow impersonation based on almost anything. For example, in my PDI, I edited the method to the script below and it prevented the oob admin user from impersonating anyone at all. 

 

Note: I did notice that the "Impersonate user" button still shows up, but the evaluation is done on impersonate. So when I actually chose a user to impersonate, I received the error disallowing the impersonation.

 

/sys_script_include.do?sys_id=7d8bd212673202006c45322b43415a18

 

canImpersonate: function(currentUser, impersonatedUser) {

	if (gs.getUserName() == 'admin')
		return false;
			
	return true;
}

 

 

 

 

 

0 Helpfuls