Core | Essentials | DAM (4.37)

# User impersonation

If you need to see the 4ALLPORTAL front end from a user's point of view, e.g. to reproduce their problem or test a role configuration, you can use feature Impersonate. You need to have superadmin rights to choose this action.

# How does it work?

Using impersonation terminates your admin session and opens a session for any chosen system user without requiring their credentials. Impersonation is not possible for share users or the logged-in user itself.

Activate impersonation after selecting a user in admin snap-in

  • General system configurations/User settings/Users (list and detail view) as well as
  • General system configurations/User settings/Role configurations (via the ...- button after selecting a user)

Please note: Impersonate sessions will be logged with login-method "impersonate" shown in a user's login attempts.

Important privacy notice

Data access: All users that have the rights to use impersonation, will get access to all files, records, and rights of the selected user. Impersonation also grants the administrator to apply and use user related access permissions.

Before you use impersonation: Please clarify on your own responsibility with your system owner whether you are allowed to take over a user's identity and access the user's personal data.

# Disable impersonation

If you want to remove this feature from your admin snap-ins, you can edit its feature permission in configuration file impersonate.xml, folder custom/modules/user/actions.
Take the first condition, copy it, paste it directly below and set its value to "false". This will prevent the action to show.

  <conditions>
    <condition>
      <value1 type="feature">
        <value>global.has_superadmin</value>
      </value1>
      <operator>equal</operator>
      <value2 type="value">
        <value>true</value>
      </value2>
    </condition>
    <condition>
      <value1 type="feature">
        <value>global.has_superadmin</value>
      </value1>
      <operator>equal</operator>
      <value2 type="value">
        <value>false</value>
      </value2>
    </condition>
      ...
  </conditions>

Please note: Only setting the value to "false" without adding the same condition with "true" is not enough. This would set the feature permission "Only with superadmin rights" to "false", which theoretically allows all other users to use this feature.

Collection Item Index

Request missing documentation