https://www.servicenow.com/community/hrsd-forum/restrict-hrsd-data-access-from-impersonation/m-p/3167503#M40016 <P>restrict HRSD data access from Impersonation</P><P>&nbsp;</P><P>Restrict a user to view HRSD data even after doing impersonation.</P> Tue, 04 Feb 2025 06:30:05 GMT deepanbhatt 2025-02-04T06:30:05Z https://www.servicenow.com/community/hrsd-forum/restrict-hrsd-data-access-from-impersonation/m-p/3167503#M40016 <P>restrict HRSD data access from Impersonation</P><P>&nbsp;</P><P>Restrict a user to view HRSD data even after doing impersonation.</P> Tue, 04 Feb 2025 06:30:05 GMT https://www.servicenow.com/community/hrsd-forum/restrict-hrsd-data-access-from-impersonation/m-p/3167503#M40016 deepanbhatt 2025-02-04T06:30:05Z https://www.servicenow.com/community/hrsd-forum/restrict-hrsd-data-access-from-impersonation/m-p/3167517#M40017 <P>Hi&nbsp;<a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/837150">@deepanbhatt</a>&nbsp;,</P><P>&nbsp;</P><P>Please follow the below steps</P><P>1.&nbsp;</P><UL><LI>Identify ACL rules related to HRSD tables (sn_hr_core_case, sn_hr_core_task, etc.).</LI><LI>Modify these ACL rules to add conditions that prevent impersonated users from accessing HR data.</LI><LI>Add the following script in script section<UL><LI>if (gs.getSession().isImpersonating()) {<BR />answer = false;<BR />}</LI></UL></LI></UL><P>2.&nbsp;</P><P>&nbsp; &nbsp; &nbsp;</P><UL><LI>Navigate to <STRONG>Human Resources &gt; Administration &gt; Properties</STRONG>.</LI><LI>Enable <STRONG>"Enable additional HR data security settings"</STRONG>.</LI><LI>Ensure <STRONG>HR Criteria</STRONG> is properly configured to prevent unauthorized access.</LI></UL><P>3.</P><P>&nbsp; &nbsp; &nbsp;</P><UL><LI>Create a <STRONG>Before Query Business Rule</STRONG> on HR tables (e.g., sn_hr_core_case).<UL><LI>Add a script like:<DIV class=""><DIV class=""><DIV class=""><DIV class="">if (gs.getSession().isImpersonating()) {<BR />gs.addErrorMessage("Access to HR data is restricted during impersonation.");<BR />current.setAbortAction(true);<BR />}</DIV><DIV class="">&nbsp;</DIV></DIV></DIV></DIV></LI></UL></LI></UL><P>&nbsp;</P><P>&nbsp;</P><P>4.</P><P>&nbsp; &nbsp; &nbsp;&nbsp;</P><UL><LI>Ensure HRSD data access is <STRONG>role-restricted</STRONG> (sn_hr_core.basic and sn_hr_core.admin).</LI><LI>If needed, create a <STRONG>custom role</STRONG> that explicitly denies access during impersonation.</LI></UL><H3>&nbsp;</H3><P>If this solution helps you then, mark it as accepted solution ‌‌<span class="lia-unicode-emoji" title=":heavy_check_mark:">✔️</span> and give thumbs up <span class="lia-unicode-emoji" title=":thumbs_up:">👍</span> !</P><P>&nbsp;</P> Tue, 04 Feb 2025 06:42:18 GMT https://www.servicenow.com/community/hrsd-forum/restrict-hrsd-data-access-from-impersonation/m-p/3167517#M40017 pratikjagtap 2025-02-04T06:42:18Z https://www.servicenow.com/community/hrsd-forum/restrict-hrsd-data-access-from-impersonation/m-p/3212576#M40697 <P>Thanks Pratik Jagtap</P> Thu, 20 Mar 2025 05:44:42 GMT https://www.servicenow.com/community/hrsd-forum/restrict-hrsd-data-access-from-impersonation/m-p/3212576#M40697 Community Alums 2025-03-20T05:44:42Z