What is impersonation?
The Cambridge Dictionary explains it as follows: the act of intentionally copying another person's characteristics, such as their behaviour, speech, appearance, or expressions, especially to make people laugh:
- He does a brilliant impersonation of Charles.
- Sally enlivens her anecdotes with hilarious impersonations.
Copied from Cambridge Dictionary
How does this work within the Content Hub?
If we take a look at the Content Hub, it has a built-in function to impersonate other accounts within the systems. This is a cool feature that you can use to solve issues for your clients. By impersonating the client that has a problem, without the need of sharing credentials or being onsite, you can log in into Content Hub via that account with the same rights. This gives you a huge benefit when debugging a security issue. Just start the impersonation and you will see exactly the same thing.
Can anyone use the impersonation feature?
No, by default only accounts that are linked to the user groups: Superusers and/or Administrators are allowed to use this feature. You could however enable this feature for other user groups as well. Go to the Manage section of the Content Hub and then to Users. Choose the user group and then click on the Privileges tab. Select Impersonate and hit Save.
No, by default only accounts that are linked to the user groups: Superusers and/or Administrators are allowed to use this feature. You could however enable this feature for other user groups as well. Go to the Manage section of the Content Hub and then to Users. Choose the user group and then click on the Privileges tab. Select Impersonate and hit Save.
Are there any risks while using this feature?
With great power comes great responsibility, someone said ;). Sitecore logs every impersonation action that someone does. You can check the User Logs in the Manage -> Users -> User Logs section. There is however an important thing to remember. While the impersonate action itself is logged, currently the action done by the person that is doing the impersonation is logged as the impersonate person. In the logs, you can't see that it was the person doing the impersonation. Keep this in mind when enabling this feature for your users.
Feature request
As part of a continuous improvement, I've requested Sitecore to register a feature request that logs the action, not only the person but also includes the person that is doing the impersonation in the logs. This will ensure that the logs will have a complete representation of what happened. The reference number for this feature is FRM-258.
Happy codin'!