For testing and support reasons, it is occasionally useful to impersonate another user's account without knowing the user's password. To enable this feature, two things must be true:
Before you can impersonate an account, you must log in with valid credentials for a Person that is a member of a role with 'Impersonate' permissions.
where X is the PersonID of the user you are trying to impersonate.
From the UI, you may impersonate if you have permissions from Design > User Accounts, by double-clicking on the row of the person you wish to impersonate. If successful, you will see an information alert telling you the account you have impersonated. This process logs the impersonation to the security log.
Once you have started impersonating an account, the server maps your security cookie to the impersonated account, so to the server, all activity is as if you had logged in using the impersonated user's password.