From a8272054e37e5f44235a777a54a4447b5dc12d8f Mon Sep 17 00:00:00 2001 From: Nilesh Wahule <77268537+Its-Nmk@users.noreply.github.com> Date: Tue, 21 Oct 2025 01:56:57 +0530 Subject: [PATCH 1/3] Create README for User Impersonation Activity Logger Added documentation for the User Impersonation Activity Logger, detailing its functionality, usage, prerequisites, and dependencies. --- .../README.md | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 Server-Side Components/Business Rule/User Impersonation Activity Logger/README.md diff --git a/Server-Side Components/Business Rule/User Impersonation Activity Logger/README.md b/Server-Side Components/Business Rule/User Impersonation Activity Logger/README.md new file mode 100644 index 0000000000..4f0ef25d31 --- /dev/null +++ b/Server-Side Components/Business Rule/User Impersonation Activity Logger/README.md @@ -0,0 +1,72 @@ +# User Impersonation Activity Logger + +A ServiceNow server-side utility that automatically creates a log when an action is performed under impersonation, helping distinguish between admin-added and user-added notes. + +# Challenge + +The challenge lies in distinguishing between actions performed by administrators impersonating users and those performed by the users themselves. Without a reliable way to track impersonation activity, it becomes difficult to ensure transparency and accountability in ticket histories. This lack of clarity can lead to confusion during audits, misinterpretation of updates, and potential compliance risks. Addressing this issue is critical to maintaining trust and operational efficiency. + +## Description + +This script identifies if the current user session is under impersonation (e.g., an admin impersonating another user). +If true, it automatically appends a message in the **Logs** indicating that the note was added during impersonation. +This improves auditability and clarity when reviewing ticket histories. + +## Functionality + +The User Impersonation Activity Logger provides the following capabilities: +- Detects if the current user is impersonating another user +- Automatically appends a log message stating the impersonation context +- Works in **Business Rule** and Global Scoped Tables +- Logs both actual user and impersonated user details +- Provides clear distinction for audit and tracking + +## Usage Instructions + +### Add as Business Rule + +```javascript +// When: before update +// Table: incident +// Script: +(function executeRule(current, previous /*null when async*/) { + if (new GlideImpersonate().isImpersonating()) { // Check if the user is impersonating + if (current.comments.changes() || current.work_notes.changes()) { // Check if comments or work notes have changed + let actualUserName = gs.getImpersonatingUserDisplayName(); + let impersonatedUserName = gs.getUserDisplayName(); + let logMessage = `User Impersonation Activity Detected: + Timestamp : ${ new GlideDateTime()} + Actual User: ${actualUserName} + Impersonated User: ${impersonatedUserName} + Comments added: ${current.comments || 'NA'} + Work Notes added: ${current.work_notes || 'NA'}`; + gs.info(logMessage); + } + } +})(current, previous); +``` + + +## Prerequisites + +- Need admin access to check the impersonation logs later + + +## Dependencies + +- GlideSystem API +- GlideImpersonate API +- gs.getSession() + + +## Category + +Server-Side Components / Business Rules / User Impersonation Activity Logger + +## Hacktoberfest 2025 + +Created as first Contribution for ServiceNow Hacktoberfest 2025 🎃 + +## License + +MIT License From a77fcfae0281c5c1b1c47aee0ca96116e29f501d Mon Sep 17 00:00:00 2001 From: Nilesh Wahule <77268537+Its-Nmk@users.noreply.github.com> Date: Tue, 21 Oct 2025 01:57:58 +0530 Subject: [PATCH 2/3] Add GlideDateTime API to README.md --- .../Business Rule/User Impersonation Activity Logger/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Server-Side Components/Business Rule/User Impersonation Activity Logger/README.md b/Server-Side Components/Business Rule/User Impersonation Activity Logger/README.md index 4f0ef25d31..59bd9c118c 100644 --- a/Server-Side Components/Business Rule/User Impersonation Activity Logger/README.md +++ b/Server-Side Components/Business Rule/User Impersonation Activity Logger/README.md @@ -57,6 +57,7 @@ The User Impersonation Activity Logger provides the following capabilities: - GlideSystem API - GlideImpersonate API - gs.getSession() +- GlideDateTime() API ## Category From d85350c29793a7b92cbe5e3179a8d5be61044e86 Mon Sep 17 00:00:00 2001 From: Nilesh Wahule <77268537+Its-Nmk@users.noreply.github.com> Date: Tue, 21 Oct 2025 01:59:10 +0530 Subject: [PATCH 3/3] Implement user impersonation activity logging Code to be added to the Business rule to track the changes --- .../UserImpersonationActiityLogger.js | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 Server-Side Components/Business Rule/User Impersonation Activity Logger/UserImpersonationActiityLogger.js diff --git a/Server-Side Components/Business Rule/User Impersonation Activity Logger/UserImpersonationActiityLogger.js b/Server-Side Components/Business Rule/User Impersonation Activity Logger/UserImpersonationActiityLogger.js new file mode 100644 index 0000000000..40f1877076 --- /dev/null +++ b/Server-Side Components/Business Rule/User Impersonation Activity Logger/UserImpersonationActiityLogger.js @@ -0,0 +1,17 @@ +(function executeRule(current, previous /*null when async*/) { + if (new GlideImpersonate().isImpersonating()) { + // Check if the user is impersonating + if (current.comments.changes() || current.work_notes.changes()) { + // Check if comments or work notes have changed + let actualUserName = gs.getImpersonatingUserDisplayName(); + let impersonatedUserName = gs.getUserDisplayName(); + let logMessage = `User Impersonation Activity Detected: + Timestamp : ${new GlideDateTime()} + Actual User: ${actualUserName} + Impersonated User: ${impersonatedUserName} + Comments added: ${current.comments || "NA"} + Work Notes added: ${current.work_notes || "NA"}`; + gs.info(logMessage); + } + } +})(current, previous);