How to Impersonate Users in ServiceNow Using Scripts and Fix the 'Attempted Script Access to Inaccessible Member Denied' Error
- nathanlee142
- Mar 20
- 2 min read
Updated: Mar 29
ServiceNow administrators often need to test user-specific functionality by impersonating users within the system. However, when using scripts for impersonation, you might encounter an error like "Attempted script access to inaccessible member denied." This article provides clarity on this common error, explains why it occurs, and offers verified solutions for effectively impersonating users in ServiceNow through scripting.
Understanding the Impersonation Error
The error message "Attempted script access to inaccessible member denied" typically occurs when a script tries to directly manipulate user session details improperly or when the script method used is incorrect or unauthorized.
Common scenarios that cause this error include:
Using the incorrect ServiceNow API method.
Attempting to impersonate users from client-side scripts rather than server-side scripts.
Inadequate permissions or scope restrictions on scripts.
Step-by-Step Solutions for User Impersonation via Script
Correct Method for User Impersonation
To impersonate users correctly, the recommended method is to use server-side script includes or business rules with the following script snippet:
gs.getSession().impersonate("username_or_sys_id");This method accepts either the user's username or their sys_id.
Practical Example of User Impersonation:
Here's how to effectively implement user impersonation:
Navigate to a Script Include or Business Rule
Ensure this runs server-side.
Use the following verified script:
// Start impersonation
gs.getSession().impersonate("abel.tuter");
// Perform an action as the impersonated user
var incidentGR = new GlideRecord('incident');
incidentGR.addQuery("caller_id", gs.getUserID());
incidentGR.query();
while (incidentGR.next()) {
gs.log("Incident Number: " + incidentGR.number);
}
// End impersonation
session.onlineUnimpersonate();This script impersonates a user named "abel.tuter" queries incidents related specifically to that user, logs the incident numbers, and then ends the impersonation.
Alternative Solutions
If gs.getSession().impersonate() doesn't meet your use case, you can also use:
Online Impersonation Method:
session.onlineImpersonate("user_sys_id");
// ... actions performed as impersonated user
session.onlineUnimpersonate();Ensure this is used within server-side contexts, such as script includes, scheduled jobs, or business rules, to avoid client-side access restrictions.
Common Pitfalls to Avoid
Client-Side Execution: Impersonation scripts must always run on the server-side. Client-side scripts or UI policies cannot impersonate users due to security constraints.
Incorrect User References: Ensure the username or sys_id used is accurate and exists in your system.
Session Management: Always end the impersonation session properly using session.onlineUnimpersonate(); to avoid unintended session persistence.
Conclusion and Actionable Next Steps
Impersonating users via scripting is powerful for testing and validation in ServiceNow but requires careful implementation. To resolve the error "Attempted script access to inaccessible member denied":
Always use the verified server-side method gs.getSession().impersonate() or session.onlineImpersonate().
Double-check permissions, context, and user references in your scripts.
Ensure that impersonation is always followed by appropriate session cleanup.
By following these guidelines, administrators and developers can confidently utilize user impersonation scripts to enhance testing and operational efficiency in ServiceNow.
