Restrict Impersonation to Admin [New in Security Center 2.0]

  • Release version: Yokohama
  • Updated January 30, 2025

    The glide.sys.permissive.impersonate property can be used to prevent non-admin roles from impersonating other users.

    When the glide.sys.permissive.impersonate property is set to false, only users with the admin role can impersonate other users. When it is set to true, non-admin users can access the Impersonation functionality and may be able to use application components that expose impersonation APIs to impersonate a user of higher privilege. If these application components are misconfigured, this could result in unauthorized access.

    You may want to set the property to the non-default value (true) when you need non-admin users to be able to impersonate other users.

    Warning:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

    More information

    Attribute: Description
    Configuration name: glide.sys.permissive.impersonate
    Configuration type: System Properties (/sys_properties_list.do)
    Data type: boolean
    Recommended value: false
    Default value: false
    Category: Access control
    Security risk:
      • Severity score: 6.7
      • CVSS score: Medium
      • Security risk details: Failing to set this property to the recommended value of false may allow a non-admin user to utilize application components that expose APIs, enabling them to impersonate a user with higher privileges.
    Dependencies and prerequisites: None
    Functional impact: Non-admin users can access Impersonation features with some customizations to other scripts and UI pages. However, it is essential to ensure that only the correct users are granted access to these features.
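
    One way to check this setting across several instances, as an added example that is not ServiceNow's own code: the function below classifies the JSON body returned by a Table API query on sys_properties. The sample responses and instance names are constructed, and treating a missing record as the documented default (false) is an assumption.

```javascript
const PROPERTY = 'glide.sys.permissive.impersonate';

// Classify one instance from the JSON body of a Table API query such as
//   GET /api/now/table/sys_properties?sysparm_query=name=<PROPERTY>&sysparm_fields=name,value
function auditImpersonateProperty(instance, body) {
  let rows;
  try {
    rows = JSON.parse(body).result;
  } catch (err) {
    // A login page or an error page instead of JSON ends up here.
    return { instance, status: 'ERROR', detail: 'response is not valid JSON' };
  }
  if (!Array.isArray(rows)) {
    return { instance, status: 'ERROR', detail: 'no "result" array in response' };
  }
  const row = rows.find((r) => r && r.name === PROPERTY);
  if (!row) {
    // Assumption: no record means the documented default (false) applies.
    return { instance, status: 'OK', detail: 'not set; default false applies' };
  }
  const value = String(row.value).trim().toLowerCase();
  if (value === 'false') {
    return { instance, status: 'OK', detail: 'only admin can impersonate' };
  }
  if (value === 'true') {
    return { instance, status: 'FINDING', detail: 'non-admin impersonation is permitted' };
  }
  // Do not guess how an unexpected value is interpreted; route it to a person.
  return { instance, status: 'REVIEW', detail: `unexpected value "${row.value}"` };
}

// Constructed sample responses; the instance names are placeholders.
const SAMPLES = {
  'dev.example': '{"result":[{"name":"glide.sys.permissive.impersonate","value":"false"}]}',
  'test.example': '{"result":[]}',
  'prod.example': '{"result":[{"name":"glide.sys.permissive.impersonate","value":"true"}]}',
  'uat.example': '{"result":[{"name":"glide.sys.permissive.impersonate","value":""}]}',
  'old.example': '<html>Login</html>',
};

function auditAll(samples) {
  return Object.entries(samples).map(([name, body]) => auditImpersonateProperty(name, body));
}

for (const finding of auditAll(SAMPLES)) {
  console.log(`${finding.status.padEnd(7)} ${finding.instance}: ${finding.detail}`);
}
```

    Because the page describes the property as non-revertible once changed, a FINDING is worth raising before any further customization builds on non-admin impersonation.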