Impersonation

For testing and support reasons, it is occasionally useful to impersonate another user's account without knowing the user's password. To enable this feature, two things must be true:
  1. the qbo.Security.ImpersonationEnabled application setting must be set to true, and
  2. the user attempting to impersonate must have the functional 'Impersonate' permission
Before you can impersonate an account, you must log in with valid credentials for a Person that is a member of a role with 'Impersonate' permissions.

From an API or javascript, you can impersonate via:

Login.ashx/Impersonate?PersonID=X

where X is the PersonID of the user you are trying to impersonate.

To un-impersonate:

Login.ashx/UnImpersonate

From the UI, you may impersonate if you have permissions from Design > User Accounts, by double-clicking on the row of the person you wish to impersonate. If successful, you will see an information alert telling you the account you have impersonated. This process logs the impersonation to the security log.

Once you have started impersonating an account, the server maps your security cookie to the impersonated account, so to the server, all activity is as if you had logged in using the impersonated user's password.

To un-impersonate via the UI, return to Design > User Accounts, and click on the 'Unimpersonate this account' link in the information alert. This will log the action, un-impersonate the account, returning you to your 'real' account. 


Comments