Restrict Impersonation to Admin
The glide.sys.permissive.impersonate property can be used to prevent non-admin roles from impersonating other users.
When the glide.sys.permissive.impersonate system property is set to a value of false, only users with the admin role may impersonate. When this value is set to true, users may be able to make use of application components that expose impersonation APIs to impersonate a higher privileged user.
Ensure that the property glide.sys.permissive.impersonate is set to a value of false. If this property does not exist, the default value is false.
Warning:
This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.sys.permissive.impersonate |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | Boolean |
| Recommended value | false |
| Default value | <none> |
| Fallback value | false |
| Category | Access control |
| Security risk |
|
| Dependencies and prerequisites | None |
| Functional impact | Non-admin users can access Impersonation features with some customizations to other scripts and UI pages. However, it is essential to ensure that only the correct users are granted access to these
features. Note: When glide.sys.permissive.impersonate is set to true, Non-admin users with the impersonate role can still impersonate. |