Enhancing Impersonation Capabilities

Kass3m · ‎08-16-2024

Is there a way to limit impersonation access by an assignment group: such as one can only impersonate a hiring manager in Lifecycle events but not Risk managers or admins?

Dr Atul G- LNG · ‎08-16-2024

Hi @Kass3m

OOTB any user who has an impersonator role can impersonate any other user except a NON-Admin cant impersonate a admin. I don't think there is any way to restrict that.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

Aaron Dalton · ‎08-17-2024

You can edit the canImpersonate() method in the global.ImpersonateEvaluator Script Include. That'll let you define rules to allow/disallow impersonation based on almost anything. For example, in my PDI, I edited the method to the script below and it prevented the oob admin user from impersonating anyone at all.

Note: I did notice that the "Impersonate user" button still shows up, but the evaluation is done on impersonate. So when I actually chose a user to impersonate, I received the error disallowing the impersonation.

/sys_script_include.do?sys_id=7d8bd212673202006c45322b43415a18

canImpersonate: function(currentUser, impersonatedUser) {

	if (gs.getUserName() == 'admin')
		return false;
			
	return true;
}