Need a feature on impersonate user for non-admin users
long-term
Log In
A
Abhishek Thamman
long-term
A
Abhishek Thamman
Merged in a post:
User impersonation capability for non-admin users
V
Venetian yellow Caribou
Currently the user impersonation feature is only available for the user with account administrator privilage.
We want other users also be able to request for impersonation based on a approval model. For example we have a non admin user A in project A who wants to impersonate user B in project B. User A should be able to raise a impersoantion request which upon approval from user B grants the impersonation to A.
S
Senior Turtle
This could be an extra RBAC permission so it can be granted to the appropriate people. That way any team who should have inherit user could be granted that at the appropriate scope allowing for supoirt from the correct areas without removing least privilege by promotion to admin (break glass or otherwise)
Z
Zinnia Pinniped
Hi Abhishek, the usecase for this feature is let's suppose for support team if they want to check an issue in any of the application team's project, so for that the application team can impersonate that user for sometime to check the issue.
A
Abhishek Thamman
Zinnia Pinniped: What roles are typically provided to the Support team v/s Application team?
Also, just FYI, it is an industry-wide practice to limit the impersonation capability only to Administrators as this can be a security concern.
A
Abhishek Thamman
pending feedback
A
Abhishek Thamman
Hey Zinnia Pinniped, thanks for your feature request. Could you please explain your use case for allowing users that are not Account admin to impersonate other users? Impersonation enables access to another user's session and is inherently sensitive. To minimize security risks and avoid accidental or unauthorized access, we’ve chosen to limit this permission strictly to Account Administrators.
Thanks,
Abhishek Thamman