Trigger an impersonation start event

Community Alums
Not applicable
Can we trigger an impersonation start event when a particular group user is impersonated?

@Community Alums 

Share your business rule config screenshots.

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader

Community Alums
Not applicable


I have just written a log in the script section

@Community Alums 

Seems there are some limitations.

Business Rules on [sysevent] table cannot be used - Syslog probe 

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur

Why aren't you just using the OOB Security Policies that have a preconfigured 'if impersonated' policy right there? You just add your own logic (put the group members in there) and you are done.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Community Alums
Not applicable

Hello Ankur,

I have created a Script Action which runs on the impersonation start event. I included logic to send a notification in the script action.

But I am not getting the event parameters in the mail script and notification.

Can you please help me?

 

Script action code-

var impersonater = event.parm1;
var impersonate = event.parm2;

//Retrieve the user record for the impersonater variable
var grUSer1 = new GlideRecord("sys_user");
grUSer1.addQuery("user_name", impersonater);
grUSer1.query();
if (grUSer1.next()) {
    var impersonater_user1 = grUSer1.sys_id;
}


//Retrieve the user record for the impersonate variable
var grUSer = new GlideRecord("sys_user");
grUSer.addQuery("user_name", impersonate);
grUSer.query();
if (grUSer.next()) {
    var impersonate_user = grUSer.sys_id;
}


// Check if the impersonated user is a member of the specified group
var grUserMemberCheck = new GlideRecord("sys_user_grmember");
grUserMemberCheck.addEncodedQuery('group=955ff733fbe7d250a322f59ff4efdce7'); // The group to check membership for
grUserMemberCheck.addQuery("user", impersonate_user); // Match on the impersonated user's sys_id
grUserMemberCheck.query();

if (grUserMemberCheck.next()) {
    // Queue the custom event: parm1 = impersonator sys_id, parm2 = impersonated user sys_id
    gs.eventQueue('impersonation.people_support', 'sys_user', impersonater_user1, impersonate_user);
} else {
    gs.log("Impersonated user is not a member of the group.");
}

Email script-
gs.log("Event params: " + event.parm1 + " has impersonated " + event.parm2);
template.print( event.parm1 + ' has impersonated ' + event.parm2);
 
Notification-
${mail_script:Unauthorised_access}
${event.parm1} impersonated ${event.parm2} account.