Summary
There is sometimes a requirement to audit when users elavate to role with elevated privilege on the instance for eg : elevate to security_admin role.
Instructions
1. When user elevates to the privileged role , the event is created with event name "security.elevated_role.enabled" on sysevent table
2. Parm1 is user_name of user and Parm2 is role name.
3. Can use the "Script Action" to process this event and audit the event as required.
Related Links
https://docs.servicenow.com/csh?topicname=r_ScriptActions.html&version=latest
