Impersonation is used to test changes in system configuration settings and in access rights. Impersonation is also used to demonstrate the implementation of automated processes in different roles.

Role required: impersonator.

Two following parties are involved in the impersonation process: 

  • Impersonator – a user that can temporarily log in as another user.

  • Impersonated user – a user on whose behalf the interaction with the system takes place.

If a user has the impersonator role, they can impersonate other users. If an administrator has an impersonator role, they can impersonate users and administrators. The impersonator has access to what the user can access in the system, including the same tools, user interface layout, etc. The instance records impersonator's activities on behalf of the impersonated user, but specifies that it was within the impersonation session. 

Impersonate a user

To impersonate a user, complete the steps below:

  1. In the header, click your name or profile photo to open the user menu.

  2. Select Impersonate to open the modal window.

  3. Start typing the name of the user you need to impersonate. When the necessary user appears in the autosuggest, select it.

    • You need to type at least two symbols.

To return to your original login session, complete the following steps:

  1. Click the name or profile photo to open the user menu.

  2. Click Back to me.

  • Impersonators cannot impersonate inactive, blocked users, Guest User and System User. To impersonate inactive and blocked users, activate their records or unlock them.

  • To find the user you need, type their Display Name instead of login. 

    Note that the Display Name field can be empty. To find such records for further fixing, filter records in the User table by applying the following condition in the condition builder:

    [Displayable Name] is [empty]

Impersonation logs

Every time a user starts or stops impersonating another user, a related record appears in Main Log (sys_log). The format of the Message value in the record is as follows:

Impersonation {start|end}: <impersonated_user> by: <impersonator>

where both the impersonated user and impersonator are specified in the Display Name (login) format.

Both the Impersonation start and Impersonation end log records get created on behalf of the user whose account will be used for further actions:  

  • Impersonation start record: Impersonated user
  • Impersonation end record: Impersonator

See the screenshot below for an example:

Actions of impersonated users are registered in System Logs, like any other user activity.

Each log record resulting from an action of an impersonated user appears in the relevant log, as if it is done in a usual user session: 

  • Main Log (sys_log)

  • History (sys_history)

  • Script Log (sys_log_exception)

  • Exception Log (sys_log_script)

  • Record Deletion Log (sys_record_deletion_log)

See the System Audit article for more details.

A record of an impersonated user action can be identified by the value of the Username field. In such a record, the impersonator's login follows the login of the impersonated user in brackets:


  • No labels

© 2019-2024, SimpleOne

https://simpleone.ru