View Issue Details

ID: 0020772
Project: mantisbt
Category: administration
View Status: public
Last Update: 2017-11-28 12:32
Reporter: vboctor
Assigned To: vboctor
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: fixed
Product Version: 1.3.0-rc.1
Target Version: 1.3.0-rc.2
Fixed in Version: 1.3.0-rc.2
Summary: 0020772: Allow administrators to impersonate users
Description

There are multiple scenarios where user impersonation is a useful feature. For example:

  1. When an administrator is troubleshooting an error reported by one of the users.
  2. When an administrator wants to verify what issues/projects are and are not visible to a specific user.
  3. When a user creates a (service) account and wants to create an API key for such account.

Any user with the access of managing users, should be able to do the above. Hence, instead of specifically checking for "administrator" access level, use the config option 'manage_user_threshold'.

Tags: mantishub

Relationships

has duplicate 0007561 closed cproensa "Switch user" feature request
related to 0010291 closed cproensa Can you View what I View?
related to 0023679 resolved atrol Limit change of impersonation threshold to global config

Activities

vboctor

2016-03-31 21:59

manager   ~0052895

PR: https://github.com/mantisbt/mantisbt/pull/749

dregad

2016-04-01 06:23

developer   ~0052896

I agree this would be a useful feature, particularly in a user support context (cases 1 & 2).

> Any user with the access of managing users, should be able to do the above.
> Hence, instead of specifically checking for "administrator" access level, use
> the config option 'manage_user_threshold'.

There is a potentially sensitive security aspect to this, and as an admin I may want to delegate user management without letting them impersonate others. It may therefore be more appropriate to have a dedicated setting to control this privilege.

vboctor

2016-04-02 23:03

manager   ~0052901

I've added a separate configuration option for the impersonation threshold, defaulted to ADMINISTRATOR. So an administrator can set it to a lower threshold or NOBODY.
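
The split between user management and impersonation discussed in the notes above, modelled as an added sketch (not MantisBT's code and not written by the issue's participants). Only the two option names come from the issue; `can_manage_users`, `can_impersonate`, the sample users, and the self and higher-privilege guards are assumptions of this sketch.

```php
<?php
// Access levels with MantisBT's standard numeric values, redefined so this runs alone.
const REPORTER = 25;
const MANAGER = 70;
const ADMINISTRATOR = 90;
const NOBODY = 100;

// Hypothetical helper: user management is governed by its own threshold.
function can_manage_users(array $config, array $actor): bool {
    return $actor['access'] >= $config['manage_user_threshold'];
}

// Hypothetical helper: may $actor impersonate $target?
function can_impersonate(array $config, array $actor, array $target): bool {
    // The dedicated option decides; meeting manage_user_threshold is not enough.
    if ($actor['access'] < $config['impersonate_user_threshold']) {
        return false;
    }
    // Assumption of this sketch: impersonating yourself is meaningless.
    if ($actor['id'] === $target['id']) {
        return false;
    }
    // Assumption of this sketch: never step up into a more privileged account,
    // which matters once the threshold is lowered below ADMINISTRATOR.
    return $target['access'] <= $actor['access'];
}

// Constructed sample users.
$admin    = ['id' => 1, 'access' => ADMINISTRATOR];
$manager  = ['id' => 2, 'access' => MANAGER];
$reporter = ['id' => 3, 'access' => REPORTER];

$yn = fn(bool $b): string => $b ? 'yes' : 'no';
$settings = ['ADMINISTRATOR' => ADMINISTRATOR, 'MANAGER' => MANAGER, 'NOBODY' => NOBODY];

foreach ($settings as $label => $threshold) {
    // Constructed scenario: user management delegated to managers.
    $config = ['manage_user_threshold' => MANAGER, 'impersonate_user_threshold' => $threshold];
    printf(
        "impersonate_user_threshold=%-13s manages users: %-3s manager>reporter: %-3s manager>admin: %-3s admin>reporter: %s\n",
        $label,
        $yn(can_manage_users($config, $manager)),
        $yn(can_impersonate($config, $manager, $reporter)),
        $yn(can_impersonate($config, $manager, $admin)),
        $yn(can_impersonate($config, $admin, $reporter))
    );
}
```

Because NOBODY sits above ADMINISTRATOR, setting the threshold to it leaves no account able to impersonate, while user management stays delegated in every row.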

Related Changesets

MantisBT: master 9ee63231

2016-03-31 21:53:19

vboctor

Allow administrators to impersonate users

There are multiple scenarios where user impersonation is a useful feature. For example:

1. When an administrator is troubleshooting an error reported by one of the users.
2. When an administrator wants to verify what issues/projects are and are not visible to a specific user.
3. When a user creates a (service) account and wants to create an API key for such account.

Any user with the access of managing users, should be able to do the above. Hence,
instead of specifically checking for "administrator" access level, use the config
option 'manage_user_threshold'.

Fixes 0020772
mod - core/authentication_api.php
mod - lang/strings_english.txt
mod - manage_user_edit_page.php
add - manage_user_impersonate.php

MantisBT: master 650ceb18

2016-04-01 19:22:06

vboctor

Add 'Impersonate User' to user view page

- Added the impersonate button to user view page.
- Added some impersonation APIs for access checks and used them
- Change location of 'Impersonate User' button on manage user page.

Fixes 0020772
mod - core/authentication_api.php
mod - manage_user_edit_page.php
mod - view_user_page.php

MantisBT: master c711645c

2016-04-01 22:39:25

vboctor

Add 'impersonate_user_threshold' config option

Add a configuration option to control the threshold needed to be able
to impersonate other users.

Fixes 0020772
mod - config_defaults_inc.php
mod - core/authentication_api.php
mod - docbook/Admin_Guide/en-US/Configuration.xml
mod - docbook/Admin_Guide/en-US/User_Management.xml
add - docbook/Admin_Guide/en-US/config/user.xml

Issue History

Date Modified Username Field Change
2016-03-31 21:52 vboctor New Issue
2016-03-31 21:52 vboctor Status new => assigned
2016-03-31 21:52 vboctor Assigned To => vboctor
2016-03-31 21:59 vboctor Note Added: 0052895
2016-03-31 22:00 vboctor Tag Attached: mantishub
2016-04-01 06:23 dregad Note Added: 0052896
2016-04-02 23:03 vboctor Note Added: 0052901
2016-04-10 19:36 vboctor Changeset attached => MantisBT master 9ee63231
2016-04-10 19:36 vboctor Changeset attached => MantisBT master 650ceb18
2016-04-10 19:36 vboctor Changeset attached => MantisBT master c711645c
2016-04-10 19:36 vboctor Status assigned => resolved
2016-04-10 19:36 vboctor Resolution open => fixed
2016-04-10 19:36 vboctor Fixed in Version => 1.3.0-rc.2
2016-04-17 12:01 cproensa Relationship added related to 0010291
2016-06-12 00:42 vboctor Status resolved => closed
2016-08-17 20:21 cproensa Relationship added has duplicate 0007561
2017-11-28 12:32 atrol Relationship added related to 0023679