Impersonation & Role Elevation

Impersonation is usually associated with fraudulent practices, but in ServiceNow, it is a crucial admin feature. It allows admins or developers to assume another user’s identity and test the system’s behaviour from that user’s perspective. 

Like “Putting themselves in their shoes”. In this chapter, we will examine the purpose of impersonation and how an admin or developer can do so. 

Purpose of Impersonating a User 

Impersonation allows a user with the appropriate role to temporarily log in as another user, without requiring the target user’s password. It is helpful for testing access, UI visibility, or workflow behaviour from that specific user’s perspective. 

It’s commonly used by admins or support teams to troubleshoot issues reported by end users. The impersonated session behaves exactly like the user’s actual session: 

• Menus, modules, forms, and data are filtered by their roles and permissions. 
• Any action taken is logged as if the user had taken it. 

This capability makes impersonation a powerful yet sensitive feature in ServiceNow. 

How to Impersonate a User in ServiceNow? 

To impersonate a user: 

1. In the banner frame, click your profile icon or name 
2. Select Impersonate User 
3. Choose from recently impersonated users or search by name 
4. Click Impersonate User 

The header will now indicate you’re impersonating another user. To stop: 

• Click your name again 
• Select End Impersonation 

It takes you back to your own account instantly. 

Roles Required for Impersonation 

To impersonate users, you need to have the impersonator role. Administrators (admin) typically have this role by default. 

Without the proper role, you won’t see the Impersonate User option in the UI. 

For organisations with strict compliance policies, the impersonate user role can be restricted to certain users or environments, such as test and dev instances only. 

Conclusion

ServiceNow impersonation features allow authorised users to verify and test platform configurations to ensure the end-user experience. Remember, impersonation can only be performed by admins or developers, as the platform may contain sensitive information that must be handled securely.