By default any user who is assigned the admin role on an instance should have access to the "Impersonate User" button as found in the user contextual pull-down menu.
Selection of this option will then bring up the Impersonate User dialog for which various user types can be simulated for login into the instance.
While this option will, by default, be set to display for admin level accounts on the instance, there may be the need to cause this option to not display for admin (or other) accounts. Or, alternatively, this option may have been previously hidden for some reason, and the goal is to allow the option to again be displayed in the menu. This article will describe the steps which can be used to cause this button to be hidden or displayed as needed on an instance.
First and foremost, in order to have the impersonation capability, a user account must have the proper permissions to impersonate.
There are generally two out-of-box roles that control whether a specific user can impersonate another user. These are the admin role and the impersonator role.
The admin role allows impersonation of other users including other users who might have the admin role.
The impersonator role allows impersonation of other roles, but not users who might have the admin role.
If a user who has the proper role membership still does not seem to have access to the Impersonation options, the cause of this is probably due to either the UI Macro record for impersonation having been modified or the System Property that controls whether the instance allows impersonation is set to false.
If the cause of the issue is found to be that the user is not associated to one of the roles to impersonate, the solution is to thus add that account to one of these roles. The following steps show one way this could be done on a standard out-of-box instance:
- Log into the instance with an account having the rights to manage users (such as admin).
- On the instance, browse to User Administration -> Users.
- A list of users on that instance should appear.
- Locate the user in the list for which you want to provide impersonation permissions and click that record to open that record for editing.
- Once the record opens, locate the Roles related list.
- Click the Edit button for this related list.
- A slushbucket control will appear. In the left side list, locate the name of the role you want to provide to the user. For impersonation rights this would be either the impersonator role or the admin role. Unless the user should have full admin rights, it is probable that the impersonator role is the role which should be added to that user.
- Once this role is found in this left list, double click the name of the role to cause the role to move to the right side list in the slushbucket control.
- Click the Save button on the Slushbucket screen to save the association of the Role to the User record.
- If that user is logged into the system, they should log out and then back into the system before attempting to use the new permissions.
If the user is, however, associated to a role which should provide impersonation capabilities, the next most common cause of this issue is that the System Property that governs whether an instance allows impersonation (through display of the Impersonate button) has probably been set to disallow this. Perform the following steps to check this property and change the setting for this property, if necessary:
- Log into the instance with an account having admin rights to the instance.
- In the Filter navigator text box type sys_properties.list and press the Enter key.
- A list of System Properties on that instance will appear.
- Using the filter locate the System Property with the name glide.ui.impersonate_button.enable in the list and click the Name of that property to open the property for viewing or editing.
- Check the current setting in the Value field of this System Property record. If this setting is set to false, this indicates that the impersonate button will not be found on the instance and thus impersonation cannot be performed on the instance by any user. If this setting is set to true, the impersonation button will be enabled for those users with the proper roles.
- If necessary change the Value field to the needed setting (true or false).
- Click the Update button on the System Property record to save the update.
If this property is already set to a value of true and the user whom should be able to impersonate is in the correct groups, another possible cause of the issue is that the UI Macros associated with the Impersonate User button and functionality have been customized or modified (UI Macros with the name impersonate_button).
It is highly recommended that users do not modify these out-of-box UI Macros that are used for user impersonation. However, if these objects have been modified and are causing this issue, the recommended solution is to revert these objects to the out-of-box version or request the out-of-box copies of these records for the version of the ServiceNow version that is being run.
Another option which can be used is to run a specific script which can be used to impersonate another user. The following KB Article describes this script and how it can be used: