In ServiceNow, there may be situations where you need to restrict certain users from appearing in the impersonation list. This feature can help maintain security and enforce organizational policies, ensuring that only authorized users are available for impersonation. For instance, restricting the impersonation of key personnel, such as department heads, can be a crucial part of safeguarding sensitive information.
How to Implement Impersonation Restrictions
ServiceNow provides an out-of-the-box (OOB) Script Include called ImpersonateEvaluator. By customizing its canImpersonate method, you can control who can be impersonated based on specific criteria.
Example: Preventing Department Heads from Being Impersonated
Below is an example script that ensures department heads are excluded from the impersonation list:
var ImpersonateEvaluator = Class.create();
ImpersonateEvaluator.prototype = {
initialize: function() {},
type: 'ImpersonateEvaluator',
canImpersonate: function(currentUser, impersonatedUser) {
var userImpersonated = impersonatedUser.getID();
var checkDept = new GlideRecord("cmn_department");
checkDept.addEncodedQuery('dept_head=' + userImpersonated);
checkDept.query();
// If a record exists where the impersonated user is a department head, return false
if (checkDept.next()) {
return false;
} else {
// If no matching records are found, allow impersonation
return true;
}
}
};
- The script queries the cmn_department table to check if the impersonated user is listed as a department head (dept_head).
- If the user is found in the department head role, the script prevents impersonation by returning false.
- If the user is not a department head, impersonation is allowed.
Benefits of Implementing Impersonation Restrictions
Implementing these types of restrictions is important for several reasons:
- Security: It prevents impersonation of high-level users who have access to sensitive information or functionalities.
- Control: It allows organizations to customize impersonation policies based on roles or specific users.
- Compliance: These controls may be necessary to meet internal or external compliance requirements.