‎01-11-2017 02:16 AM
Hi
We are looking to introduce a new business function to ServiceNow. However, they use sensitive data that we do not want to be visible to other ServiceNow users. We will use roles to prevent this; however, we want to prevent it becoming visible by use of the impersonator role. Ideally we would not forgo this useful functionality altogether, so I believe we could edit the UI Page to limit users with certain roles being impersonated - but I've been advised that modifying an Out of the Box UI Page has some disadvantages, so I'd like to know if an easier solution would be to create a similar condition to that employed by the Sec Ops and HR applications when we create our new application or module for the new business function?
Quoting a little from 'Impersonate a user':
IT System Administrators [admin] can impersonate ServiceNow users. However, when impersonating a user with an application admin role for Human Resources or Security Incident Response, an admin is not able to access features granted by that role, including security incidents and profile information. Access to modules and applications in the navigation bar is also restricted. Also, admin cannot change the password of any user with an application admin role for Human Resources or Security Incident Response.
This seems like it might be a more rounded solution for us, but I'd like confirmation that it is possible to implement it outside the specific HR and Sec Ops applications before building this solution into a high level design.
‎01-18-2017 03:29 AM
There is a script include "ImpersonateEvaluator"; it has a method "canImpersonate". Change this method as per the requirement and you will be able to control the impersonation behavior.
‎01-18-2017 03:27 AM
Hi Ed,
This is possible in ServiceNow. I want to understand the requirement.
Some users have a special role "XYZ" and admins should not be able to impersonate them; only admin+"XYZ" role users should be able to impersonate those special role users.
Is this correct?
BTW, which version are you using?
‎01-18-2017 03:40 AM
We are currently on Helsinki.
You have it almost right - at this point we are looking at preventing anyone with role xyz from impersonating someone with the role - so that includes admin.
Although I think that if we could not limit admins from being able to impersonate users with this role then it's likely I would still get approval - I've not had that discussion yet though.
‎01-18-2017 03:44 AM
Hi Ed,
Use the "ImpersonateEvaluator" script include and change the canImpersonate method to achieve the same.
You can see ImpersonateEvaluator in your script include table.
Hope this helps.
Regards,
Kedar
‎05-09-2017 12:36 AM
Hi Kedar,
I was wondering what values are being passed to currentUser and impersonatedUser, and how?
canImpersonate: function(currentUser, impersonatedUser) {
    return true;
},
‎05-09-2017 01:38 AM
Hi Ayush,
Those are GlideUser objects; you can get the sys_ids of users with "impersonatedUser.getID()".
Regards,
Kedar
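
The canImpersonate change discussed in this thread, written out as an added example; it is not part of the original posts and not ServiceNow's shipped ImpersonateEvaluator code. The role name, the `evaluate` and `holdsProtectedRole` helpers and the `makeUser` stand-in are hypothetical, and it assumes `hasRole(name)` on the GlideUser object reports role membership.

```javascript
// Added example; not ServiceNow's shipped ImpersonateEvaluator code.
// Placeholder role name: substitute the role that guards the sensitive data.
var PROTECTED_ROLES = ['x_sensitive_function_user'];

// Hypothetical helper: true when the user holds any protected role.
// Assumes hasRole(name) on the GlideUser object reports role membership.
function holdsProtectedRole(user) {
  for (var i = 0; i < PROTECTED_ROLES.length; i++) {
    if (user.hasRole(PROTECTED_ROLES[i])) {
      return true;
    }
  }
  return false;
}

var ImpersonateEvaluatorExample = {
  // Hypothetical helper returning the decision plus a reason for audit logs.
  evaluate: function (currentUser, impersonatedUser) {
    try {
      if (!currentUser || !impersonatedUser) {
        return { allowed: false, reason: 'missing user object' };
      }
      if (holdsProtectedRole(impersonatedUser)) {
        // Applies to every caller, admin included, as required in the thread.
        return { allowed: false, reason: 'target ' + impersonatedUser.getID() + ' holds a protected role' };
      }
      return { allowed: true, reason: 'no protected role on target' };
    } catch (e) {
      // Fail closed: an error in the check must never widen access.
      return { allowed: false, reason: 'role check failed: ' + e };
    }
  },

  // Same signature as the method quoted in the thread.
  canImpersonate: function (currentUser, impersonatedUser) {
    return this.evaluate(currentUser, impersonatedUser).allowed;
  }
};

// Constructed stand-in for a GlideUser so the logic runs outside an instance.
function makeUser(id, roles) {
  return {
    getID: function () { return id; },
    hasRole: function (name) { return roles.indexOf(name) !== -1; }
  };
}
```

On an instance, check how `hasRole` treats admin accounts before relying on this: if it reports true for admins regardless of the role asked about, admin accounts themselves also become non-impersonable.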