1

How is it possible to perform the below query with 'user B' while being logged in as 'user A' and not exiting the 'user A' session?

    var settings = {
        "async": true,
        "crossDomain": true,
        "url": "www.url.com",
        "method": "GET",
        "headers": {
            "authorization": "Basic [BASE64]",
            "cache-control": "no-cache"
        }
    };

While being logged in as user A, I perform this query and immediately get logged in as user B, and my session is overwritten with user B. I'm attempting this while using a Chrome Extension.

The 'User B' account is a generic account with permissions to perform API calls which 'User A' does not have.

AntonJ

1 Answer

0

This is only possible if (User A has admin role) or (User A has impersonator role && user B is not an admin)

1) If User A has the admin role, then they can directly trigger any REST queries as long as the target table is allowed to be accessed.

2) If User A has the impersonator role, then you can impersonate any user's session except the admin users'. The following lines of script can be used to impersonate user B within user A's session and then trigger the required API as User B:

    var originalUserID = gs.getUserID();

    //Replace SYS_ID_USER_B with the sys_id of user B from the profile
    gs.getSession().impersonate('SYS_ID_USER_B');

    //Trigger REST API as USER B -- START


    //Trigger REST API as USER B -- END

    //Impersonate back to the original user
    gs.getSession().impersonate(originalUserID);

Alikutty K
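The impersonate-and-restore pattern from the answer above leaves the session running as user B if the REST call throws before the final `impersonate(originalUserID)` line. The following is an added example, not part of the original answer, that restores the original user in a `finally` block and checks that the switch actually happened. `runAsUser` and `makeMockGs` are hypothetical names, the mock is a constructed stand-in for ServiceNow's `gs` so the code runs offline, and it assumes `gs.getUserID()` reflects the impersonated user.

```javascript
// Added example. `gs` is passed in so the helper can be exercised offline;
// in a ServiceNow server-side script you would pass the platform's global `gs`.
function runAsUser(gs, targetSysId, action) {
    var originalUserID = gs.getUserID();
    gs.getSession().impersonate(targetSysId);
    try {
        // Assumption: getUserID() returns the impersonated user once the
        // switch succeeds. Refuse to run the action under the wrong identity.
        if (gs.getUserID() !== targetSysId) {
            throw new Error('impersonation was refused');
        }
        return action();
    } finally {
        // Always drop back to the original user, even if the REST call threw.
        gs.getSession().impersonate(originalUserID);
    }
}

// Constructed stand-in for `gs`, only so the example runs outside ServiceNow.
// It models the rule stated in the answer: admin users cannot be impersonated.
// Silently ignoring a refused request is an assumption of this mock.
function makeMockGs(currentUser, adminIds) {
    var user = currentUser;
    var session = {
        impersonate: function (sysId) {
            if (sysId !== currentUser && adminIds.indexOf(sysId) !== -1) return;
            user = sysId;
        }
    };
    return {
        getUserID: function () { return user; },
        getSession: function () { return session; }
    };
}

function demo() {
    var gs = makeMockGs('SYS_ID_USER_A', ['SYS_ID_ADMIN']);
    var seen = runAsUser(gs, 'SYS_ID_USER_B', function () { return gs.getUserID(); });
    var failed = false;
    try {
        runAsUser(gs, 'SYS_ID_USER_B', function () { throw new Error('REST call failed'); });
    } catch (e) { failed = true; }
    // The session is back on user A although the second call failed.
    return { seen: seen, failed: failed, after: gs.getUserID() };
}
```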